VS: VS: Chap auhtentication against LDAP

Ville Leinonen ville.leinonen at solodel.com
Sun Apr 5 16:47:50 CEST 2009


Hi,

Thank you for this reply. Well then i do some scripting and pull
userinfo inside ldap and export it to my radsrv.

Br,

Ville


-----Alkuperäinen viesti-----
Lähettäjä: freeradius-users-bounces+ville.leinonen=solodel.com at lists.freeradius.org puolesta: Alan DeKok
Lähetetty: su 5.4.2009 16:16
Vastaanottaja: FreeRadius users mailing list
Aihe: Re: VS: Chap auhtentication against LDAP
 
Ville Leinonen wrote:
> So i cannot do this about using freeradius, but i can make it
> using IAS (see link)?

  No.  You seemed to have misunderstood my response.  Let me say it a
different way:

  LDAP servers cannot do CHAP authentication.

  Why?

  Because LDAP servers are *DATABASES*.

  LDAP servers are not *authentication* servers.

  FreeRADIUS is an *AUTHENTICATION* server.

  Configure FreeRADIUS so that it pulls the clear-text password from
LDAP.  FreeRADIUS will then do CHAP authentication.

  If you don't have a clear-text password in LDAP, then doing CHAP
authentication is impossible.  It is impossible with FreeRADIUS, IAS,
Cisco ACS, Juniper SBR, Radiator, and also with every other RADIUS
server on the planet.

  And go read my web page:

http://deployingradius.com/documents/protocols/compatibility.html

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

-------------- next part --------------
A non-text attachment was scrubbed...
Name: winmail.dat
Type: application/ms-tnef
Size: 3497 bytes
Desc: not available
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20090405/e1530fc6/attachment.bin>


More information about the Freeradius-Users mailing list