LDAP + CHAP
Arran Cudbard-Bell
a.cudbardb at freeradius.org
Mon Mar 3 11:30:35 CET 2014
On 3 Mar 2014, at 10:21, Adam Seed <adamjseed at gmail.com> wrote:
> Hi Alan,
>
> That same wiki says 'The ldap module can only work with PAP passwords since it needs to send the clear text user password to the LDAP server to authenticate the user.' I might be mis-understanding as im new to Radius, but that doesnt sound to positive. Anyway... I'm hoping to find a workaround
For CHAP you need a copy of the password in cleartext. You then pull the cleartext password out of LDAP during authorize, and compare it with the CHAP-Password (after some hashing), with the PAP module in authenticate.
Arran Cudbard-Bell <a.cudbardb at freeradius.org>
FreeRADIUS Development Team
FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 881 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20140303/4f9210fb/attachment.pgp>
More information about the Freeradius-Users
mailing list