Freeradius doesn't work with ldap

Eduardo Lima duwise2003 at yahoo.com.br
Thu Nov 22 22:41:39 CET 2007


How do I make passwords hashes in ldap??

Do I have to create all the passwords again???

Thanks in advance.

Alan DeKok <aland at deployingradius.com> escreveu: Eduardo Lima wrote:
> Alan, I didn't find any option for the mschapv2 problem in your web page.

  I have no idea what you mean by that.  The compatibility page you were
pointed to is all that matters here:

http://deployingradius.com/documents/protocols/compatibility.html

> Unencrypt ldap passwords is not a smart solution.

  You are being naive and unrealistic.

  Your choices for what is stored in LDAP are given in the table.  Look
up the authentication protocol you want to use, and find out which
password storage methods are compatible.  Pick one.

> It seems that windos xp client only accept mschapv2 or TLS to
> authenticate, if a use TLS,  I cannot use ldap because only the client
> certificate is used to authenticate.

  Which is spelled out in the table on the web page... which I wrote.
Which I'm very familiar with.

> In my network, I need to authenticate with the mail passwords stored in
> ldap.

  In .... what format?

> Protocols: PEAP + MSCHAPv2 + LDAP

  PEAP is an authentication protocol.  LDAP is a database.

  Go read the web page.  It appears you either haven't read it, or you
haven't understood it.

> I don't use TLS because it only uses certificates to authenticate.
> 
> Do you have any suggestion???

  Choose one of the password storage methods given on the web page for
PEAP.  If you don't like those methods, then stop posting messages on
this list.  What you want is impossible, and you're unprepared to accept
that it's impossible.  It can't be done, and you're wasting your time
trying to come up with a solution that doesn't exist.

  This is not something I control.  This is the way things are.  Deal
with it.

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


       
---------------------------------
Abra sua conta no Yahoo! Mail, o único sem limite de espaço para armazenamento! 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20071122/c8694fa9/attachment.html>


More information about the Freeradius-Users mailing list