rlm_ldap: Attribute "User-Password" is required for authentication. HELP Please
Jacob Jarick
mem.namefix at gmail.com
Mon Apr 23 14:56:14 CEST 2007
Forgive the newbie questions but I think its best to clear up confusion.
client -> cisco -> FR server = eap
FR -> ADS 2003 = pap
Is that correct or am I way off track.
On 4/23/07, Alan DeKok <aland at deployingradius.com> wrote:
> Jacob Jarick wrote:
> > Thanks again Alan,
> > For reference the oriellys LDAP book instructs you to set "Auth-Type
> > := LDAP" so thats where I got the bad reference (perhaps other people
> > to).
>
> Yes. There is a LOT of documentation (web pages, etc.) that say to do
> the wrong thing. It's unfortunate that the people writing those don't
> read the FreeRADIUS docs first, and don't ask us to review their
> configuration.
>
> > Now lets see if I understood the tables correctly.
> >
> > PAP is the only method that will support LDAP bind as user ?
>
> It's the other way around. LDAP "bind as user" only works with PAP.
>
> > When Using PAP -> LDAP will I still have to map userPassword to User-Password ?
>
> No.
>
> I've added some more code that will go into 1.1.7 && 2.0. If the LDAP
> module succeeds in retrieving a password from LDAP, it does NOT set
> Auth-Type to LDAP.
>
> > Will there be extra configuration required on free radius to make use
> > of pap -> ADS ldap or will it work automatically because ldap is
> > configured in the modules {} section.
>
> I would ask what other authentication protocols you need to support
> before suggesting to set Auth-Type to LDAP.
>
> > Wont using PAP mean plain text password from client -> cisco wap ->
> > radius -> ADS server ?
>
> No. 802.1x uses EAP, which is NOT PAP, and which is NOT compatible
> with Auth-Type = LDAP.
>
> Alan DeKok.
> --
> http://deployingradius.com - The web site of the book
> http://deployingradius.com/blog/ - The blog
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
More information about the Freeradius-Users
mailing list