How to use different ldap-modules?

Florian Prester Florian.Prester at rrze.uni-erlangen.de
Tue Jun 21 09:12:33 CEST 2005 

Alan DeKok wrote:

>Florian Prester <Florian.Prester at rrze.uni-erlangen.de> wrote:
>  
>
>>I configured 2 ldap modules, one using a clear-text password for 
>>PEAP-TLS with MS-CHAPv2 or only CHAP authentication,
>>and one retrieving a Crypt-Password for using PAP-Authentication.
>>    
>>
>
>  Why?  Just use the clear-text password to do all of the
>authentication.  You're making work for yourself without any gain.
>  
>

But how can I do PAP with a clear-text password?

>  
>
>>group {
>>    
>>
>...
>
>  You're listing EAP in that group.  DON'T.
>  
>

Sorry, didn`t wanna do that!
But I want to achieve that the authentication is first trying CHAP, then 
PAP and so on.

>  
>
>>But it only takes the first entry, and if I switch the order of ldap-PAP 
>>and ldap-PEAP, so it should take ldap-PAP, therefore retrieve an 
>>Crypt-Password from the ldap-PAP-section it wants to use ldap for 
>>authentication!?!?!?
>>    
>>
>
>  Yes.
>  
>
How can I change that?
I thought  radius is taking that kind of authentication which request is 
comming in?!
So I sniffed and there are comming different request:

    PAP: User-Password
    CHAP: CHAP-Password

So how can I tell the radius to take the proper authentication and 
therefore a specific password using the LDAP profile?
In LDAP the clear-text password is given as well as the crypt one?

>  
>
>>What do I wrong?
>>    
>>
>
>  You've made massive changes to the configuration files.
>
>  Stop using two LDAP instances.  You don't need them.  Use the
>default configuration, with one LDAP module in the places shown by the
>default configuration.  It WILL work.
>
>  Alan DeKok.
>
>- 
>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>  
>
I am sorry, if I am annoying you, but I am kind of confused and do not 
know what to do anymore.
Thanks
Florian

-- 
--------------------------------------------------------------
Dipl. Inf. Florian Prester
Network Administration
Regionales RechenZentrum Erlangen
Universitaet Erlangen-Nuernberg
Germany

Tel.: +499131 8527813

More information about the Freeradius-Users mailing list