Unknown Auth-Type "LDAP" in authenticate sub-section

Fajar A. Nugraha list at fajar.net
Fri Mar 9 23:01:23 CET 2012


On Sat, Mar 10, 2012 at 3:23 AM, Phil Mayers <p.mayers at imperial.ac.uk> wrote:
> On Fri, Mar 09, 2012 at 10:59:46AM -0500, up at 3.am wrote:

>> authenticate {
>>
>>        #Auth-Type LDAP {
>>        redundant LDAP{
>>                ldap1
>>                ldap2
>>
>>        }


> Using "ldap" in the authenticate section is a bit tricky, and you'd be wise
> to avoid it if you can - if the LDAP server will "give" you the password
> (plaintext or crypted) you're better off doing that in "authorize" and
> letting FreeRADIUS perform the auth using rlm_pap or whatever.

Yes.

So to save lots of time and configuration problems: does your LDAP
store user passwords in clear text or any "common" hash (e.g. md5,
unix)? If yes, AND you know what the LDAP attribute is, you don't even
need an LDAP section in authenticate.

-- 
Fajar
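
Added example, not part of the original message or the FreeRADIUS distribution: a sketch of the layout described above, with the LDAP lookup in "authorize" and rlm_pap doing the password check. It assumes FreeRADIUS 2.x syntax and that the hash lives in userPassword; host names, basedn and the filter are placeholders, and ldap1/ldap2 are the instance names from the quoted config.

```conf
# modules/ldap -- one instance per directory server (values are placeholders)
ldap ldap1 {
        server = "ldap1.example.org"
        basedn = "ou=people,dc=example,dc=org"
        filter = "(uid=%{%{Stripped-User-Name}:-%{User-Name}})"
        # Attribute that stores the clear-text or hashed password (assumed).
        password_attribute = userPassword
        # Leave Auth-Type for the pap module to set.
        set_auth_type = no
}

ldap ldap2 {
        server = "ldap2.example.org"
        basedn = "ou=people,dc=example,dc=org"
        filter = "(uid=%{%{Stripped-User-Name}:-%{User-Name}})"
        password_attribute = userPassword
        set_auth_type = no
}

# sites-enabled/default
authorize {
        preprocess
        # Fetch the user's entry (and stored password) from whichever
        # server answers; ldap2 is tried only if ldap1 fails.
        redundant {
                ldap1
                ldap2
        }
        # Sets Auth-Type := PAP when a known-good password was retrieved.
        pap
}

authenticate {
        # No LDAP sub-section here: rlm_pap compares the request's
        # User-Password against the value pulled from LDAP.
        Auth-Type PAP {
                pap
        }
}
```

The account FreeRADIUS binds with needs read access to the password attribute, so restrict that account to the RADIUS server and protect the link to the directory with TLS.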

