EAP-PEAP GTC auth_type
Fajar A. Nugraha
fajar at fajar.net
Fri Feb 27 15:19:25 CET 2009
On Fri, Feb 27, 2009 at 6:32 PM, <tnt at kalik.net> wrote:
>>So in short if I want to do "bind as user" in PEAP-GTC, I can't
>>combine it with other authentication methods (like pam)? Too bad.
> Why is it "too bad". Just don't use "bind as user". You should avoid
The LDAP server I'm authenticating against is Lotus Domino, which
stores user password in a Lotus-specific encryption. The only way to
use freeradius to authenticate against it is with "bind as user".
> using methods where Auth-Type is forced. They are very difficult to
> combine with other methods.
The thing that I don't get yet is why on normal radius packet (without
PEAP-GTC) I don't have to set Auth-Type explicitly, yet the ldap
module can use either user password stored in LDAP or bind as user.
With gtc on the other hand, I have to FORCE gtc to use Auth-Type LDAP.
I was hoping that with gtc set to pap the inner-tunnel can use
multiple modules to authenticate, including bind as user when using
More information about the Freeradius-Users