rlm_ldap: Attribute "User-Password" is required for authentication. HELP Please

Jacob Jarick mem.namefix at gmail.com
Mon Apr 23 14:56:14 CEST 2007


Forgive the newbie questions but I think its best to clear up confusion.

client -> cisco -> FR server = eap

FR -> ADS 2003 = pap

Is that correct or am I way off track.

On 4/23/07, Alan DeKok <aland at deployingradius.com> wrote:
> Jacob Jarick wrote:
> > Thanks again Alan,
> > For reference the oriellys LDAP book instructs you to set "Auth-Type
> > := LDAP" so thats where I got the bad reference (perhaps other people
> > to).
>
>   Yes.  There is a LOT of documentation (web pages, etc.) that say to do
> the wrong thing.  It's unfortunate that the people writing those don't
> read the FreeRADIUS docs first, and don't ask us to review their
> configuration.
>
> > Now lets see if I understood the tables correctly.
> >
> > PAP is the only method that will support LDAP bind as user ?
>
>   It's the other way around.  LDAP "bind as user" only works with PAP.
>
> > When Using PAP -> LDAP will I still have to map userPassword to User-Password ?
>
>   No.
>
>   I've added some more code that will go into 1.1.7 && 2.0.  If the LDAP
> module succeeds in retrieving a password from LDAP, it does NOT set
> Auth-Type to LDAP.
>
> > Will there be extra configuration required on free radius to make use
> > of pap -> ADS ldap or will it work automatically because ldap is
> > configured in the modules {} section.
>
>   I would ask what other authentication protocols you need to support
> before suggesting to set Auth-Type to LDAP.
>
> > Wont using PAP mean plain text password from client -> cisco wap ->
> > radius -> ADS server ?
>
>   No.  802.1x uses EAP, which is NOT PAP, and which is NOT compatible
> with Auth-Type = LDAP.
>
>   Alan DeKok.
> --
>   http://deployingradius.com       - The web site of the book
>   http://deployingradius.com/blog/ - The blog
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>



More information about the Freeradius-Users mailing list