rlm_ldap: Attribute "User-Password" is required for authentication. HELP Please
Jacob Jarick
mem.namefix at gmail.com
Tue Apr 24 02:51:57 CEST 2007
So the big question is, what Auth-Type do I use ?
If LDAP is not permitted (still confuses me as I only need / want
radius to authenticate against LDAP) what Auth-Type do I set in the
users file so that Wireless users can authenticate using their ADS
username and passwords.
On 4/23/07, Jacob Jarick <mem.namefix at gmail.com> wrote:
> Forgive the newbie questions but I think its best to clear up confusion.
>
> client -> cisco -> FR server = eap
>
> FR -> ADS 2003 = pap
>
> Is that correct or am I way off track.
>
> On 4/23/07, Alan DeKok <aland at deployingradius.com> wrote:
> > Jacob Jarick wrote:
> > > Thanks again Alan,
> > > For reference the oriellys LDAP book instructs you to set "Auth-Type
> > > := LDAP" so thats where I got the bad reference (perhaps other people
> > > to).
> >
> > Yes. There is a LOT of documentation (web pages, etc.) that say to do
> > the wrong thing. It's unfortunate that the people writing those don't
> > read the FreeRADIUS docs first, and don't ask us to review their
> > configuration.
> >
> > > Now lets see if I understood the tables correctly.
> > >
> > > PAP is the only method that will support LDAP bind as user ?
> >
> > It's the other way around. LDAP "bind as user" only works with PAP.
> >
> > > When Using PAP -> LDAP will I still have to map userPassword to User-Password ?
> >
> > No.
> >
> > I've added some more code that will go into 1.1.7 && 2.0. If the LDAP
> > module succeeds in retrieving a password from LDAP, it does NOT set
> > Auth-Type to LDAP.
> >
> > > Will there be extra configuration required on free radius to make use
> > > of pap -> ADS ldap or will it work automatically because ldap is
> > > configured in the modules {} section.
> >
> > I would ask what other authentication protocols you need to support
> > before suggesting to set Auth-Type to LDAP.
> >
> > > Wont using PAP mean plain text password from client -> cisco wap ->
> > > radius -> ADS server ?
> >
> > No. 802.1x uses EAP, which is NOT PAP, and which is NOT compatible
> > with Auth-Type = LDAP.
> >
> > Alan DeKok.
> > --
> > http://deployingradius.com - The web site of the book
> > http://deployingradius.com/blog/ - The blog
> > -
> > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
> >
>
More information about the Freeradius-Users
mailing list