How to implement two possible passwords? (one for PEAP and other for TTLS)
    Ivan Kalik 
    tnt at kalik.net
       
    Wed Apr 30 17:55:01 CEST 2008
    
    
  
>I have a radius 2.0.2 working with EAP-TTLS, users' passwords are in an
>LDAP server. It is working well. Please bear in mind that passwords are
>encrypted in the LDAP server and I can't modify that (my boss doesn't
>want it!). So I need a "secondary" password in clear-text only for
>radius, because of this I've added to LDAP an attribute that looks
>like userPassword called radiusPassword.
>
Just map radiusPassword to Cleartext-Password and peap will ignore the
encrypted userPassword and use Cleartext-Password. So, no extra virtual
servers needed. In your ldap.attrmap it's mapped to clrtxtPassword.
>>  >ldap.attrmap
>>  >checkItem       $GENERIC$                       radiusCheckItem
>>  >replyItem       $GENERIC$                       radiusReplyItem
>>  >checkItem   Cleartext-Password       clrtxtPassword
>>  >checkItem       User-Password                   userPassword
I was under the impression that this peap password would be the same for
everybody. That's best done with a single DEFAULT users file entry.
Ivan Kalik
Kalik Informatika ISP
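
An added check, not part of the original message and not FreeRADIUS code: this Python script parses an ldap.attrmap in the format quoted above and reports which LDAP attribute feeds Cleartext-Password. The function names and the embedded sample are constructed here; radiusPassword is the attribute the original poster says was added to LDAP.

```python
# Added example: audit a FreeRADIUS 2.x ldap.attrmap for the password mapping.

# Constructed sample: the attrmap quoted in the thread, quote markers stripped.
SAMPLE_ATTRMAP = """\
checkItem       $GENERIC$                       radiusCheckItem
replyItem       $GENERIC$                       radiusReplyItem
checkItem   Cleartext-Password       clrtxtPassword
checkItem       User-Password                   userPassword
"""


def parse_attrmap(text):
    """Return a list of (item_type, radius_attr, ldap_attr) tuples."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("checkItem", "replyItem"):
            raise ValueError("unrecognised attrmap line: %r" % raw)
        entries.append((fields[0], fields[1], fields[2]))
    return entries


def audit_cleartext_mapping(text, expected_ldap_attr):
    """List problems with how Cleartext-Password is sourced from LDAP."""
    problems = []
    sources = [ldap for kind, radius, ldap in parse_attrmap(text)
               if kind == "checkItem" and radius == "Cleartext-Password"]
    if not sources:
        problems.append("no checkItem maps anything to Cleartext-Password")
    for ldap in sources:
        # LDAP attribute names are case-insensitive.
        if ldap.lower() != expected_ldap_attr.lower():
            problems.append("Cleartext-Password is read from %s, not %s"
                            % (ldap, expected_ldap_attr))
    if len(sources) > 1:
        problems.append("Cleartext-Password is mapped more than once")
    return problems


if __name__ == "__main__":
    for p in audit_cleartext_mapping(SAMPLE_ATTRMAP, "radiusPassword"):
        print("WARN:", p)
    fixed = SAMPLE_ATTRMAP.replace("clrtxtPassword", "radiusPassword")
    print("after fix:", audit_cleartext_mapping(fixed, "radiusPassword") or "ok")
```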