Freeradius doesn't work with ldap
Eduardo Lima
duwise2003 at yahoo.com.br
Wed Nov 21 17:10:48 CET 2007
Alan, I didn't find any option for the mschapv2 problem in your web page.
Unencrypt ldap passwords is not a smart solution.
It seems that windos xp client only accept mschapv2 or TLS to authenticate, if a use TLS, I cannot use ldap because only the client certificate is used to authenticate.
In my network, I need to authenticate with the mail passwords stored in ldap.
Server: red hat with freeradius
Client: windows xp sp2
Protocols: PEAP + MSCHAPv2 + LDAP
I don't use TLS because it only uses certificates to authenticate.
Do you have any suggestion???
Alan DeKok <aland at deployingradius.com> escreveu: Eduardo Lima wrote:
> So I'll have to unencrypt all the ldap passwords to use mschapv2???
Yes. See the web page for your options.
> What about the ldap database security??
The LDAP database has to be kept secure.
Please go read the web page again.
If you want to use MS-CHAP, your options are limited for how to store
passwords. If you don't like those options, then don't use MS-CHAP.
If you want to store passwords via a different method than is
permitted in the table, AND you want to use MS-CHAP, then you need to
change your requirements to match reality.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
---------------------------------
Abra sua conta no Yahoo! Mail, o único sem limite de espaço para armazenamento!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20071121/b60e1d06/attachment.html>
More information about the Freeradius-Users
mailing list