LDAP and Freeradius Bind problem
Phil Mayers
p.mayers at imperial.ac.uk
Mon May 29 12:22:34 CEST 2006
In your previous mail you asked:
> But I don't understand why radius tries to bind again with the LDAP
> server using account test.utilisateurs.demo.net. Is there a mechanism
Because you told it to:
>
> # Uncomment it if you want to use ldap for authentication
> #
> # Note that this means "check plain-text password against
> # the ldap database", which means that EAP won't work,
> # as it does not supply a plain-text password.
> Auth-Type LDAP {
> 	ldap
> }
>
Read the comments.
> with LDAP authentication that I don't understand? According to me
> as soon as freeradius found in LDAP the user with the right password
> it should authorize access.
Authentication via LDAP can work one of two ways:
1. The LDAP server supplies a plaintext password or password hash to
FreeRadius, and FreeRadius performs the authentication itself. This
almost certainly won't work for you since you are binding to the LDAP
server anonymously, and handing out passwords or password hashes to
unauthenticated LDAP search clients would be very silly.
2. For PAP requests ONLY, the Radius server can perform an LDAP simple
bind against the LDAP server to check the password.
You have told it to do the latter. I suggest you read the documentation
for rlm_ldap and configure it correctly for your needs.
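
Added example, not part of the original message and not FreeRADIUS code: a small Python model of the two modes described above, showing why the bind mode needs a plaintext password in the request and why the lookup mode needs an authenticated search. The directory contents, DN, passwords and function names are constructed for illustration, and CHAP (RFC 1994) stands in for a request that is not PAP.

```python
import hashlib
import hmac

# Constructed sample data: DN -> password as stored in the directory.
DN = "uid=test,ou=utilisateurs,dc=demo,dc=net"
DIRECTORY = {DN: "s3cret"}


def ldap_simple_bind(dn, password):
    """Stand-in for an LDAP simple bind: the directory checks the password."""
    stored = DIRECTORY.get(dn)
    # A DN with an empty password is an unauthenticated bind, not proof of
    # identity, so it must never count as a successful login.
    return bool(stored) and password != "" and hmac.compare_digest(stored, password)


def ldap_read_password(dn, authenticated_search):
    """Mode 1 lookup: the password is released only to an authenticated searcher."""
    return DIRECTORY.get(dn) if authenticated_search else None


def chap_response(chap_id, password, challenge):
    """RFC 1994 CHAP value: MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([chap_id]) + password.encode() + challenge).digest()


def authenticate(request, mode, authenticated_search=False):
    if mode == "bind":
        # Mode 2: only PAP carries the plaintext password a bind needs.
        if "User-Password" not in request:
            return False
        return ldap_simple_bind(request["dn"], request["User-Password"])
    # Mode 1: fetch the known-good password and verify locally.
    known_good = ldap_read_password(request["dn"], authenticated_search)
    if known_good is None:
        return False
    if "User-Password" in request:
        return hmac.compare_digest(known_good, request["User-Password"])
    expected = chap_response(request["CHAP-Id"], known_good, request["CHAP-Challenge"])
    return hmac.compare_digest(expected, request["CHAP-Response"])


# Constructed requests for the same user and password.
CHALLENGE = bytes(range(16))
PAP = {"dn": DN, "User-Password": "s3cret"}
CHAP = {"dn": DN, "CHAP-Id": 7, "CHAP-Challenge": CHALLENGE,
        "CHAP-Response": chap_response(7, "s3cret", CHALLENGE)}
```
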