FDS + Freeradius = pain.
Dusty Doris
freeradius at mail.doris.cc
Fri Feb 3 21:05:22 CET 2006
On Fri, 3 Feb 2006, Joey McDonald wrote:
> I wonder why can't I just use an ldap bind to authenticate? I'm already
> doing it to authorize.. seems like I should be able to do it to authenticate
> as well.
>
> --joey
>
Because you don't have a password to do a simple bind with. During
authorization, you are programming the username/password into radius.conf.
So, ldap has a username/password to bind with. During authentication, if
you use ldap, it uses the username/password that comes in the
access-request to bind with. In this case, you don't have a
user-password because you're doing CHAP.
Can you get your NAS to send over the Access-Request with a plaintext
password (PAP)? Then it will work, just like it does when you use
radclient.
More information about the Freeradius-Users
mailing list