FW: MS-CHAP-v2 and CHAP with different passwords in LDAP
Alan DeKok
aland at deployingradius.com
Sat Dec 8 23:40:24 CET 2007
Edvin Seferovic wrote:
> before somebody yells "not again" - I just wish to ask if it is possible to
> use MS-CHAP and CHAP authentication with a LDAP backend which contains
> clear-text passwords as well as NT-Password ( used for MS-CHAP ) ??? Alan -
> yes/no answer please :)
Read the web page:
http://deployingradius.com/documents/protocols/compatibility.html
If you're doing "bind as user" in LDAP, read this:
http://deployingradius.com/documents/protocols/oracles.html
> If positive - can somebody give me an example of attribute mapping to ldap
> for both ( MS-CHAP and CHAP ) to work ?
You don't do attribute mappings. See the "ldap" section in
radiusd.conf, and look for "password_attribute".
> My setup with LDAP as backend is working with a mapping of NT-Password to
> sambaNTPassword like this :
>
> checkItem NT-Password sambaNTPassword
>
> MS-CHAP works just fine !
>
> For CHAP I added
>
> password_header = "{clear}"
> password_attribute = "userPassword"
> password_radius_attribute = "User-Password"
Where did that last line come from?
> to the LDAP module configuration. But unfortunately chap module doesn't like
> my clear-text password ( stored in userPassword ) for authentication :( How
> else can I say CHAP where to look for the clear-text password.
See the FAQ for "it doesn't work".
Alan DeKok.
More information about the Freeradius-Users
mailing list