FR + LDAP + PAM + encryption question

Jacob Jarick mem.namefix at gmail.com
Mon Apr 23 17:04:30 CEST 2007


lol, I admit I am a stress case :P

One more question before crashing out tonight, which would you say is a
more secure method

ntlm_auth -> win2k3 ADS
or
ldap -> win2k3 ADS

considering the encryption / encapsulation methods available.

Or is this another instance where I'm overthinking the issue?

On 4/23/07, Alan DeKok <aland at deployingradius.com> wrote:
> Jacob Jarick wrote:
> > Is it possible to encapsulate PAP inside another protocol, say EAP, to
> > protect it from packet sniffers etc.?
>
>   Please stop worrying about how RADIUS works.  It's fine.
>
>   Packet sniffers can't grab the PAP passwords.
>
> > Failing that, is it possible to assign VLANs based on LDAP primary group
> > via the ntlm_auth method?
>
>   No.  ntlm_auth is just for authentication.  You have to configure the
> server to do LDAP group lookups for per-group VLAN assignment.  See
> messages on this list in the last week or so, which include examples.
>
>   Alan DeKok.
> --
>   http://deployingradius.com       - The web site of the book
>   http://deployingradius.com/blog/ - The blog
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>

