Freeradius doesn't work with ldap

Alan DeKok aland at deployingradius.com
Wed Nov 21 17:58:58 CET 2007


Eduardo Lima wrote:
> Alan, I didn't find any option for the mschapv2 problem in your web page.

  I have no idea what you mean by that.  The compatibility page you were
pointed to is all that matters here:

http://deployingradius.com/documents/protocols/compatibility.html

> Unencrypting LDAP passwords is not a smart solution.

  You are being naive and unrealistic.

  Your choices for what is stored in LDAP are given in the table.  Look
up the authentication protocol you want to use, and find out which
password storage methods are compatible.  Pick one.

> It seems that the Windows XP client only accepts mschapv2 or TLS to
> authenticate; if I use TLS, I cannot use ldap because only the client
> certificate is used to authenticate.

  Which is spelled out in the table on the web page... which I wrote.
Which I'm very familiar with.

> In my network, I need to authenticate with the mail passwords stored in
> ldap.

  In .... what format?

> Protocols: PEAP + MSCHAPv2 + LDAP

  PEAP is an authentication protocol.  LDAP is a database.

  Go read the web page.  It appears you either haven't read it, or you
haven't understood it.

> I don't use TLS because it only uses certificates to authenticate.
> 
> Do you have any suggestion???

  Choose one of the password storage methods given on the web page for
PEAP.  If you don't like those methods, then stop posting messages on
this list.  What you want is impossible, and you're unprepared to accept
that it's impossible.  It can't be done, and you're wasting your time
trying to come up with a solution that doesn't exist.

  This is not something I control.  This is the way things are.  Deal
with it.

  Alan DeKok.


