FDS + Freeradius = pain.

Joey McDonald joey at scare.org
Fri Feb 3 19:26:38 CET 2006


I wonder why I can't just use an ldap bind to authenticate? I'm already
doing it to authorize.. seems like I should be able to do it to authenticate
as well.

            --joey

On 2/3/06, Alan DeKok <aland at ox.org> wrote:
>
> Joey McDonald <jmcdice at gmail.com> wrote:
> > Well, I'm not using windows systems at all - I've got OSX clients and a
> > linux-based PPTP server. The passwords are stored as SSHA in my LDAP
> > directory. That finally makes sense as to why radtest works, so thanks!
>
>   And it explains why MS-CHAP will never work.  It's *impossible*.
>
> > My next question is, what Auth-Type should I be using for SSHA's
> > stored in an LDAP directory. Clearly LDAP isn't going to be it if it
> > doesn't support decrypting passwords and I don't wish to store
> > passwords in plain text in the directory.
>
>   Then you can't do MS-CHAP.  It's as simple as that.
>
>   If you're not willing to store clear-text passwords, you can store
> NT-Passwords in LDAP.  But that's your ONLY other option to get
> MS-CHAP to work.
>
>   Alan DeKok.
>
>
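
As an added example that is not part of the original thread, this Python code shows how an {SSHA} userPassword value is verified: the salt is read back from the stored value and the hash is recomputed over the cleartext the client sent, which is what PAP or an LDAP bind supplies and what MS-CHAP never sends. The function names and the sample password are assumptions constructed for illustration.

```python
import base64
import hashlib
import hmac
import os

SHA1_LEN = 20  # bytes in a SHA-1 digest


def make_ssha(password, salt=None):
    """Build an {SSHA} value: base64(SHA1(password + salt) + salt)."""
    salt = os.urandom(8) if salt is None else salt
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def split_ssha(stored):
    """Return (digest, salt) from a stored {SSHA} value, or raise ValueError."""
    if not stored.upper().startswith("{SSHA}"):
        raise ValueError("not an {SSHA} value")
    raw = base64.b64decode(stored[len("{SSHA}"):])
    if len(raw) <= SHA1_LEN:
        raise ValueError("missing salt")
    return raw[:SHA1_LEN], raw[SHA1_LEN:]


def check_ssha(stored, cleartext):
    """Verify a password the way a bind or PAP check must: with the cleartext in hand."""
    digest, salt = split_ssha(stored)
    candidate = hashlib.sha1(cleartext.encode("utf-8") + salt).digest()
    # Constant-time comparison of the stored and recomputed digests.
    return hmac.compare_digest(digest, candidate)


if __name__ == "__main__":
    stored = make_ssha("correct horse")  # constructed sample password
    print(stored)
    print(check_ssha(stored, "correct horse"), check_ssha(stored, "wrong"))
```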

