How to implement two possible passwords? (one for PEAP and otherforTTLS)
Sergio Belkin
sebelk at gmail.com
Wed Apr 30 20:08:54 CEST 2008
2008/4/30 Ivan Kalik <tnt at kalik.net>:
> >I have a radius 2.0.2 working with EAP-TTLS, users passwords are in a
> >LDAP server. Itis working well. Please bear in mind that password and
> >encrypted in LDAP server and I can't modifiy that (my boss don't
> >want!). So I need a "secondary" password in clear-text only for
> >radius, because of this I've added to LDAP an attribute that looks
> >like userPassword called radiusPassword.
> >
>
> Just map radiusPassword to Cleartext-Password and peap will ignore the
> encrypted userPassword and use Cleartext-Password. So, no extra virtual
> servers needed. In your ldap.attrmap it's mapped to clrtxtPassword.
Ok, and
>
>
> >> >ldap.attrmap
> >> >checkItem $GENERIC$ radiusCheckItem
> >> >replyItem $GENERIC$ radiusReplyItem
> >> >checkItem Cleartext-Password clrtxtPassword
> >> >checkItem User-Password userPassword
>
> I was under impression that this peap password would be the same for
> everybody. That's best done with a single DEFAULT users file entry.
Yes, because of that I did the comment :)
>
> Ivcan Kalik
> Kalik Informatika ISP
>
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
--
--
Open Kairos http://www.openkairos.com
Watch More TV http://sebelk.blogspot.com
Sergio Belkin -
More information about the Freeradius-Users
mailing list