auth to LDAP via two mechanisms
Alan DeKok
aland at deployingradius.com
Fri Aug 18 18:33:01 CEST 2006
Rob Shepherd <rob at techniumcast.com> wrote:
> I'll use PAP (ldap auth)
Please don't. It makes everything harder.
LDAP is a database, not an authentication server. Have the server
read the clear-text password from LDAP, and the server will figure out
how to authenticate the user. Remove "ldap" from the "authenticate"
section. It's just not necessary.
> from the VPN concentrator but mschapv2 from the
> wireless, as it'll go through a peap or eap-tls tunnel. I have NT and LM
> hashes already in the LDAP, I just need to extract them...
See ldap.attrmap.
> Could I get a pointers on how I command the right auth type for the
> right device.
You don't. You supply the server with passwords, and it figure out
what to do.
> And how I get the nt/lm hashes from ldap and do mschapv2..
ldap.attrmap, and the server will figure out what to do.
Alan DeKok.
--
http://deployingradius.com - The web site of the book
http://deployingradius.com/blog/ - The blog
More information about the Freeradius-Users
mailing list