EAP-PEAP GTC auth_type

Fajar A. Nugraha fajar at fajar.net
Fri Feb 27 15:19:25 CET 2009

On Fri, Feb 27, 2009 at 6:32 PM,  <tnt at kalik.net> wrote:
>>So in short if I want to do "bind as user" in PEAP-GTC, I can't
>>combine it with other authentication methods (like pam)? Too bad.
> Why is it "too bad"? Just don't use "bind as user". You should avoid

The LDAP server I'm authenticating against is Lotus Domino, which
stores user passwords in a Lotus-specific encryption. The only way to
use FreeRADIUS to authenticate against it is with "bind as user".

> using methods where Auth-Type is forced. They are very difficult to
> combine with other methods.


The thing that I don't get yet is why on a normal RADIUS packet (without
PEAP-GTC) I don't have to set Auth-Type explicitly, yet the ldap
module can use either the user password stored in LDAP or bind as user.
With gtc, on the other hand, I have to FORCE gtc to use Auth-Type LDAP.

I was hoping that with gtc set to pap the inner-tunnel can use
multiple modules to authenticate, including bind as user when using

