PEAP + RADIUS + local-Auth + LDAP

Alan DeKok aland at ox.org
Mon Jun 13 19:01:56 CEST 2005


Florian Prester <Florian.Prester at rrze.uni-erlangen.de> wrote:
>     authorize: If I place the "users"-word before anything else, the 
> authorization should take place by the users-file, which means if a 
> user exists in the users-file it is authorized? correct?

  It means that the "users" file is processed before anything else.

  You don't need to move it, though.  The default configuration works.

>     authenticate: If the password matches cleartext/crypt the user is 
> authenticated? correct?

  Yes.

> 2.) If I try to use PEAP and LDAP I need cleartext-passwords!? correct?

  Or NT-Password.

>     If I add "ldap" after the "users"-word in the authorize-section ldap 
> should only be used, if the user cannot be found in the users-file?

  No.  See doc/configurable_failover

>     If I add  password_attribute = "sn" the user is authenticated, if 
> the password-hash-challenge is matching the sn-hash-challenge, meaning 
> the sn-attribute is taken as password? correct?

  Yes.

> 3.) What does the Group-authenticate/authorize mean if I am using ldap?

  I'm not sure what you mean by that.

  Alan DeKok.


