freeradius-3.0.1 ldap authenticate

Alan DeKok aland at deployingradius.com
Wed Feb 26 15:46:28 CET 2014


stefan.paetow at diamond.ac.uk wrote:
> However, it should be properly documented for those who do not wish for FR to have the password, and rather use the bind method instead.

  I recommend *not* doing that.  If you don't trust FreeRADIUS with the
password, you don't understand how RADIUS works.

> I'm with Alan B. on this. If the LDAP bind method is clearly documented (even if it's just a "if you don't want FR to have the password and want to use bind, see this URL for more info" comment in the authorize and authenticate sections), then chances are that there will be less requests on the mailing list for help with how to authenticate against LDAP (except for those who don't bother reading the configuration files or the Wiki for that matter).

  We can always hope that people read the configuration files they're
editing.

  Alan DeKok.


More information about the Freeradius-Users mailing list