LDAP bind as user
rokkhan at gmail.com
Wed Aug 5 14:55:42 CEST 2009

You could use LDAP as authentication using EAP-TTLS.

2009/8/5 Alan DeKok <aland at deployingradius.com>:
> Mark Saner wrote:
>> I'm using freeradius 2.0.4 for eap-peap authentication with LDAP as my
>> back end. Everything is working great (thanks to help from this mailing
>> list). However I was wondering if there is a way to get RADIUS to bind
>> to LDAP as the user that is trying to authenticate rather than the LDAP
>> admin account. I recall reading somewhere that it is not recommended to
>> do this but I can't remember where and I am not finding it as I search
>> this morning.
>> Is it possible to bind to the LDAP database as the user trying to
>> authenticate? If so how? If not or if it isn't desirable what
>> suggestions do you have for a more secure way of binding to the LDAP
> It's not possible to do "bind as user" for PEAP. This is because there
> is no password in PEAP that can be used to "bind as user".
> You should use LDAP as a *database*, not as an authentication server.
> Have LDAP supply a password to FreeRADIUS, and FreeRADIUS will
> authenticate the user.
> Alan DeKok.
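
The two suggestions in this thread, modelled as an added example (not code from the thread or from FreeRADIUS): with EAP-TTLS/PAP the server receives a cleartext password it can offer to an LDAP bind, while with PEAP's inner challenge-response it only sees a one-time response and must read the stored password from LDAP to verify it. The directory, the DNs, the service account and every function name are constructed, and HMAC-SHA256 stands in for the real MSCHAPv2 computation.

```python
import hashlib, hmac, os

# Constructed directory: DN -> stored password (stands in for userPassword).
USER_DN = "uid=alice,ou=people,dc=example,dc=org"
DIRECTORY = {USER_DN: b"s3cret-constructed"}
SERVICE_DN = "cn=radius,dc=example,dc=org"  # hypothetical read-only account

def ldap_simple_bind(dn, password):
    """Model of an LDAP simple bind: the directory needs the cleartext password."""
    stored = DIRECTORY.get(dn)
    return stored is not None and hmac.compare_digest(stored, password)

def ldap_read_password(bound_as, dn):
    """Model of a search done by the RADIUS service account (LDAP as a database)."""
    if bound_as != SERVICE_DN:
        raise PermissionError("only the service account may read passwords")
    return DIRECTORY.get(dn)

def response_for(secret, challenge):
    """Stand-in challenge-response (HMAC-SHA256), not the real MSCHAPv2 math."""
    return hmac.new(secret, challenge, hashlib.sha256).digest()

def auth_ttls_pap(dn, cleartext):
    """EAP-TTLS/PAP: the tunnel delivers the password, so bind-as-user works."""
    return ldap_simple_bind(dn, cleartext)

def auth_peap_bind_as_user(dn, challenge, response):
    """PEAP: the only user-derived value is the response; binding with it fails."""
    return ldap_simple_bind(dn, response)

def auth_peap_ldap_as_database(dn, challenge, response):
    """PEAP: fetch the stored password, recompute the response, compare locally."""
    stored = ldap_read_password(SERVICE_DN, dn)
    if stored is None:
        return False
    return hmac.compare_digest(response_for(stored, challenge), response)

def demo(password=b"s3cret-constructed"):
    challenge = os.urandom(16)                      # issued by the server
    response = response_for(password, challenge)    # computed by the client
    return {
        "ttls_pap_bind": auth_ttls_pap(USER_DN, password),
        "peap_bind": auth_peap_bind_as_user(USER_DN, challenge, response),
        "peap_database": auth_peap_ldap_as_database(USER_DN, challenge, response),
    }

if __name__ == "__main__":
    print(demo())
```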