How to implement two possible passwords? (one for PEAP and otherforTTLS)

Sergio Belkin sebelk at gmail.com
Wed Apr 30 20:08:54 CEST 2008


2008/4/30 Ivan Kalik <tnt at kalik.net>:
> >I have a radius 2.0.2 working with EAP-TTLS, users passwords are in a
>  >LDAP server. Itis working well. Please bear in mind that password and
>  >encrypted in LDAP server and I can't modifiy that (my boss don't
>  >want!). So I need a "secondary" password in clear-text only for
>  >radius, because of this I've added to LDAP an attribute that looks
>  >like userPassword called radiusPassword.
>  >
>
>  Just map radiusPassword to Cleartext-Password and peap will ignore the
>  encrypted userPassword and use Cleartext-Password. So, no extra virtual
>  servers needed. In your ldap.attrmap it's mapped to clrtxtPassword.

Ok, and

>
>
>  >>  >ldap.attrmap
>  >>  >checkItem       $GENERIC$                       radiusCheckItem
>  >>  >replyItem       $GENERIC$                       radiusReplyItem
>  >>  >checkItem   Cleartext-Password       clrtxtPassword
>  >>  >checkItem       User-Password                   userPassword
>
>  I was under impression that this peap password would be the same for
>  everybody. That's best done with a single DEFAULT users file entry.

Yes, because of that I did the comment :)

>
>  Ivcan Kalik
>  Kalik Informatika ISP
>
>
>
>  -
>  List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>



-- 
--
Open Kairos http://www.openkairos.com
Watch More TV http://sebelk.blogspot.com
Sergio Belkin -



More information about the Freeradius-Users mailing list