questions about RADIUS-LDAP integrations

matteo at crs4.it matteo at crs4.it
Sun Aug 29 11:05:51 CEST 2010


Hello list,
I've been using freeradius for 1 month. I'm running freeradius 2.1.9 on
fedora 13 with EAP-TTLS and PAP inside the tunnel. The users are
authenticated against OpenLDAP. Even if the password is cleartext
(PAP), it should be protected by the encrypted tunnel. Then the first
question is:
Is this mechanism quite secure or do you suggest using another mechanism?

If I'm not wrong, there should be two different methods to get
authentication with LDAP as backend. The first is to just pass the
credentials to the ldap server and try to authenticate. The second is
that freeradius obtains the password from ldap, strips the header (i.e.
{crypt}), takes the first two characters of the salt and uses it to
crypt the password sent by the . If the two hashes are the same, the
user is authenticated. In this case, which is the best method and how
do the relevant files have to be modified? Should I also modify
ldap.attmap?
Thanks a lot.
Matteo





----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.
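
The second method described in the message above (fetch the stored value, strip the `{scheme}` header, recover the salt, re-hash the PAP password and compare), sketched as an added example that is not part of the original post and is not FreeRADIUS code. It goes beyond the `{crypt}` case by checking the salted-digest schemes `{SSHA}`/`{SSHA256}`, since `{crypt}` depends on the platform's crypt(3); all function names and sample values are hypothetical.

```python
import base64
import hashlib
import hmac
import os

# scheme -> (hashlib algorithm, salted?) for digest-style userPassword values
_SCHEMES = {"SHA": ("sha1", False), "SSHA": ("sha1", True),
            "SHA256": ("sha256", False), "SSHA256": ("sha256", True)}


def split_header(stored):
    """Split '{SCHEME}value' into (SCHEME, value); no header means cleartext."""
    if stored.startswith("{") and "}" in stored:
        scheme, _, value = stored[1:].partition("}")
        return scheme.upper(), value
    return "CLEARTEXT", stored


def make_ssha(password, salt=None):
    """Build a constructed {SSHA} value for the demo: base64(sha1(pw+salt)+salt)."""
    salt = os.urandom(8) if salt is None else salt
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()


def check_password(stored, supplied):
    """Return True if the password received via PAP matches the stored value."""
    scheme, value = split_header(stored)
    if scheme == "CLEARTEXT":
        return hmac.compare_digest(value.encode(), supplied.encode())
    if scheme not in _SCHEMES:
        # {crypt} and others need the platform crypt(3); refuse rather than guess.
        raise ValueError("unsupported scheme: " + scheme)
    algo, salted = _SCHEMES[scheme]
    try:
        raw = base64.b64decode(value, validate=True)
    except ValueError:
        return False  # malformed stored value never authenticates
    size = hashlib.new(algo).digest_size
    digest, salt = raw[:size], raw[size:]
    if len(digest) != size or (salt and not salted) or (salted and not salt):
        return False
    # Re-hash the supplied password with the stored salt, compare in constant time.
    candidate = hashlib.new(algo, supplied.encode() + salt).digest()
    return hmac.compare_digest(candidate, digest)
```

This comparison only works when the server sees the user's cleartext password, which is what PAP inside the EAP-TTLS tunnel provides.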




