Antw: Re: Is LDAP + EAP Possible For Me?

Stefan Paetow Stefan.Paetow at ja.net
Wed Apr 30 10:45:34 CEST 2014


Ahhhh,

So the users have to log into NDS at least once to populate their Universal Password before they attempt to authenticate through RADIUS. Do I understand that correctly?

Stefan

-----Original Message-----
From: freeradius-users-bounces+stefan.paetow=ja.net at lists.freeradius.org [mailto:freeradius-users-bounces+stefan.paetow=ja.net at lists.freeradius.org] On Behalf Of Anja Ruckdaeschel
Sent: 30 April 2014 09:27
To: FreeRadius users mailing list
Subject: Re: Antw: Re: Is LDAP + EAP Possible For Me?

Dear Alan,

it´s a little mor complicated.... 

Like
https://www.netiq.com/documentation/edir_radius/radiusadmin/data/bxxer30.html
says:
"Enabling Universal Password for eDirectory Users Ensure that you enable Universal Password for the users in eDirectory. After enabling, you need to set the Universal Password either manually or by logging in. 
"

Basic concept is, that you have to trigger the sync from the NDS password
(Hash) to the universal passsword store per user, partitiion or tree, ...
That´s e.g. also possible wih a Novell Client Login with NMAS enabled, but a password change does always do a password sync.
Just wanted to point out the way working for the most edir setups....

But all of that is depending from how you want to have your policies, use your passwords and which methods you use....
e.g. you can also do a no sync policy between those passwords.... as you like it.

See also:
https://www.netiq.com/documentation/edir88/pwm_administration88/data/alpcc1q.html
https://www.netiq.com/documentation/edir88/pwm_administration88/data/alpccs8.html

and

https://www.netiq.com/documentation/edir88/pwm_administration88/data/alpccv4.html



Ciao Anja



>>> <A.L.M.Buxey at lboro.ac.uk> 29.04.2014 23:27 >>>
Hi,

> Are you saying that if universal password will not enable it for 
> existing
users who are not changing their passwords? That sucks. :-/

interesting - its not something I've seen - UP gets turned on, things just
work(tm)

alan
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Janet(UK) is a trading name of Jisc Collections and Janet Limited, a 
not-for-profit company which is registered in England under No. 2881024 
and whose Registered Office is at Lumen House, Library Avenue,
Harwell Oxford, Didcot, Oxfordshire. OX11 0SG. VAT No. 614944238



More information about the Freeradius-Users mailing list