Beating a dead horse, or freeradius 2.1.1 and active directory

Alan DeKok aland at
Thu Dec 4 09:49:20 CET 2008

Ben Little wrote:
>  Yeah, I'm not sure I want to use LDAP (clear text) for authentication. 

  LDAP is a database, not a password management system.

  If the incoming Access-Requests contain clear-text passwords, then
there is no additional security problem when you check them against LDAP.

> I'm starting to think that I can just use md5 passwords in a database or
> a flat file to manage it, there's really not that many "administrative"
> users for the cisco equipment.  It's either that or pony up several
> thousands for the Cisco ACS was worth beating my head
> against a wall for a few days though :-)

  Use LDAP.  Configure it, and it will work.

  Alan DeKok.

More information about the Freeradius-Users mailing list