auth to LDAP via two mechanisms
Rob Shepherd
rob at techniumcast.com
Mon Aug 21 11:06:52 CEST 2006

Alan DeKok wrote:
> Rob Shepherd <rob at techniumcast.com> wrote:
>> I'll use PAP (ldap auth)
> 
>   Please don't.  It makes everything harder.
OK.
> 
>   LDAP is a database, not an authentication server.  Have the server
> read the clear-text password from LDAP, and the server will figure out
> how to authenticate the user.  Remove "ldap" from the "authenticate"
> section.  It's just not necessary.
No clear-text is stored in LDAP. I have MD5 in userPassword and the two 
Samba hashes.
The Cisco kit, VPN concentrator and switches etc., supply a clear-text 
password at RADIUS. I figured my only option was to PAP-to-LDAP.
Is there an alternative for this situation?
> 
>>  from the VPN concentrator but mschapv2 from the 
>> wireless, as it'll go through a peap or eap-tls tunnel. I have NT and LM 
>> hashes already in the LDAP, I just need to extract them...
> 
>   And how I get the nt/lm hashes from ldap and do mschapv2..
> 
>   ldap.attrmap, and the server will figure out what to do.
Thanks.
-- 
Rob Shepherd | Computer and Network Engineer | Technium CAST | LL57 4HJ
rob at techniumcast.com | 01248 675024 | 07776 210516
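
Added example, not part of the original post and not FreeRADIUS code: when the NAS supplies a clear-text PAP password and LDAP holds only a hashed userPassword, the stored value can be read from the directory and checked locally instead of binding to LDAP as the user. The function names, the set of supported schemes and the sample values are assumptions constructed for illustration.

```python
import base64
import hashlib
import hmac

# Assumed scheme table: header -> (hashlib name, digest length, salted?).
# Salted schemes store base64(digest + salt); unsalted store base64(digest).
SCHEMES = {
    "MD5": ("md5", 16, False),
    "SMD5": ("md5", 16, True),
    "SHA": ("sha1", 20, False),
    "SSHA": ("sha1", 20, True),
}


def check_pap_password(cleartext: str, user_password: str) -> bool:
    """Compare a PAP clear-text password with an LDAP userPassword value."""
    if not user_password.startswith("{") or "}" not in user_password:
        raise ValueError("no {SCHEME} header; refusing to guess the format")
    scheme, _, payload = user_password[1:].partition("}")
    try:
        algo, dlen, salted = SCHEMES[scheme.upper()]
    except KeyError:
        raise ValueError(f"unsupported scheme {scheme!r}") from None
    raw = base64.b64decode(payload, validate=True)
    digest, salt = raw[:dlen], raw[dlen:]
    # Reject truncated digests and salt bytes that the scheme does not allow.
    if len(digest) != dlen or bool(salt) != salted:
        raise ValueError("payload length does not match scheme")
    computed = hashlib.new(algo, cleartext.encode("utf-8") + salt).digest()
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(computed, digest)


def make_value(scheme: str, password: str, salt: bytes = b"") -> str:
    """Build a constructed sample userPassword value for the demo."""
    algo = SCHEMES[scheme][0]
    digest = hashlib.new(algo, password.encode("utf-8") + salt).digest()
    return "{%s}%s" % (scheme, base64.b64encode(digest + salt).decode())


# Constructed sample values, not taken from any real directory.
SAMPLE_MD5 = make_value("MD5", "correct horse")
SAMPLE_SSHA = make_value("SSHA", "correct horse", b"\x01\x02\x03\x04")
```

This only covers PAP; MS-CHAPv2 cannot be checked against an MD5 value and needs the NT hash that the post says is also stored in LDAP.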