How to use different ldap-modules?
Alan DeKok
aland at ox.org
Wed Jun 22 18:59:17 CEST 2005
Florian Prester <Florian.Prester at rrze.uni-erlangen.de> wrote:
> 1.) PAP is just the clear-text password???
Yes.
> -> I thought pap is hashing the password with a challenge (MD-5).
Stop worrying about it. PAP is the clear-text password.
> So I want to the server to hold a crypted Password (MD-5) for PAP, but
> retrieving that from the ldap server.
If the LDAP server has a clear-text password for MS-CHAP, you might
as well use it for PAP. Trying to make PAP use a crypt'd password is
a waste of time, and doesn't gain anything.
> 2.) I do not want to do any binding to the ldap for authentication!
So... don't list "ldap" in the "authenticate" section.
> 3.) For authentication I want to provide PAP, CHAP, and PEAP+TLS using
> MsCHAPv2.
>
> How can I do that? If use the radiusd.conf as it comes the radius
> wants to use ldap for authentication.
No, it doesn't. The default radiusd.conf doesn't use ldap at *all*.
> authenticate {
> ...
> ldap {
> pap
> }
WTF? Don't do that!
Alan DeKok.
More information about the Freeradius-Users
mailing list