freeradius-3.0.1 ldap authenticate
Arran Cudbard-Bell
a.cudbardb at freeradius.org
Wed Feb 26 11:06:32 CET 2014
On 26 Feb 2014, at 09:41, A.L.M.Buxey at lboro.ac.uk wrote:
> Hi,
>
>> For security, the LDAP should not return attribute userPassword to
>> freeradius.
>
> if the server doesnt get a password - if using LDAP as your source,
> then how is it supposed to authenticate the user?
By testing the user's credentials with an LDAP bind. He hasn't indicated
he's doing anything other than PAP.
The user has always had to add Auth-Type ldap {} to the authenticate {}
section.
If you're capable of making even the most basic of mental leaps, you
should realise that other authentication modules are listed in
multiple places in the default server, and that, oo, look, the LDAP
module is listed in only one. and oo, it's complaining about an
Auth-Type, oh where did I see one of those before? Oh look! lots of
Auth-types, one for pap, one for chap, one for mschap, but i'm not doing
any of those... Shit. It's missing! I know, maybe i'll add an auth-type
for ldap too. Woohoo it works!
I agree there are some places in the server which are poorly documented
and quite obscure. But this is pretty basic stuff.
Arran Cudbard-Bell <a.cudbardb at freeradius.org>
FreeRADIUS Development Team
FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 881 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20140226/f11e9b77/attachment.pgp>
More information about the Freeradius-Users
mailing list