FR + LDAP + PAM + encryption question

Alan DeKok aland at
Mon Apr 23 16:48:25 CEST 2007

Jacob Jarick wrote:
> Is it possible to encasuplate PAP inside another protocol say EAP to
> prevent from packet sniffers etc.

  Please stop worrying about how RADIUS works.  It's fine.

  Packet sniffers can't grab the PAP passwords.

> Failing that is it possible to asign vlans bases on ldap primary group
> via the ntlm_auth method.

  No.  ntlm_auth is just for authentication.  You have to configure the
server to do LDAP group lookups for per-group VLAN assignment.  See
messages on this list in the last week or so, which include examples.

  Alan DeKok.
--       - The web site of the book - The blog

More information about the Freeradius-Users mailing list