Radius and Ldap Authentication problem

Olivier Beytrison olivier at heliosnet.org
Thu Jan 16 14:04:46 CET 2014


On 16.01.2014 12:24, 亚坤 李 wrote:
> As mschapv2 is not supported by ldap, I use ttls as the default peap
> method.

Wrong, with ldap (except if you run Novell eDirectory), the only working
solution is EAP-TTLS/PAP, where the password is sent in clear-text
within the TLS tunnel and thus can be used to bind to the ldap server.

Another solution would be to store the NT-Hash within your ldap directory,
then mschapv2 would work.

> All of the above are the problems I have encountered so far. Can anyone
> help with this? This problem is really driving me crazy. Thanks.

The list already answered your question and directed you to the
following page:
http://deployingradius.com/documents/protocols/compatibility.html

If it's RED, it's impossible. So don't ask how it can work because it
won't work. Ever.

Olivier B.
-- 

 Olivier Beytrison
 Network & Security Engineer, HES-SO Fribourg
 Mail: olivier at heliosnet.org

