Binding to LDAP as user, rather than anonymous bind
Norman Elton
normelton at gmail.com
Thu Mar 23 22:04:48 CET 2006
I've got wireless equipment that can relay MS-CHAP-v2 requests to my
FreeRADIUS box from Windows XP clients. I see the radius box making
LDAP requests to the LDAP server (over SSL), binding as the anonymous
user, and searching for the target user. So far so good.

The problem is, our password information is not kept in LDAP, so
there is no attribute to compare against. Our LDAP servers pass the
authentication request off to Kerberos. The only way to authenticate
via LDAP is to bind as the target user with the target password,
rather than an anonymous user.

Can FreeRadius extract the password out of the MS-CHAP-v2 request,
and use it to bind against LDAP over SSL? I would much rather not
have to tackle Kerberos, as it looks much more complicated.

Thanks for any help,

Norman Elton