Authentification link with PEAP + PAM + LDAP
Josh Howlett
josh.howlett at bristol.ac.uk
Wed Jun 7 15:18:20 CEST 2006
On 7 Jun 2006, at 13:07, thomas hahusseau wrote:
> Hello,
>
> Finally my boss is not interested in a PEAP authentication due to
> password and login stored in clear in the OpenLDAP database, and he
> doesn't want to use the ntlm_auth to ask an Active Directory Server.
>
> So I wonder if that kind of authentication is possible.
> PEAP(MsCHAP) request --> Freeradius server (extract the hashed
> password) --> Authentication request sent to PAM (login + Hashed
> password) via rlm_auth ---> OpenLDAP Server (compare hashed password
> received with the one stored in database)

You don't need to use PAM - in fact, I don't think it's possible.
Store your users' passwords in the NTLM hash, and authenticate
directly from FreeRADIUS to LDAP.

josh.

> PAM is used as mediator to permit comparison with hashed stored in
> OpenLDAP.
>
> My boss only wants cipher/hashed password and login.
Josh Howlett, Networking Specialist, University of Bristol.
email: josh.howlett at bristol.ac.uk | phone: +44 (0)7867 907076 |
internal: 7850