Antw: Re: LDAP + CHAP
Anja Ruckdaeschel
Anja.Ruckdaeschel at rz.uni-regensburg.de
Mon Mar 3 13:22:29 CET 2014
Hi Adam,
if you are using eDirectory you might want to look into this:
https://www.netiq.com/documentation/edir_radius/
Look out for the Keyword "Universal Password".
if you are using AD, you might want to look into ntlm_auth.
Ciao Anja
>>> Adam Seed <adamjseed at gmail.com> 03.03.2014 13:07 >>>
Hi Arran,
Are you saying I need to make a change to the LDAP? do you know of any
information/guides I can look at?
On Mon, Mar 3, 2014 at 10:30 AM, Arran Cudbard-Bell <
a.cudbardb at freeradius.org> wrote:
>
> On 3 Mar 2014, at 10:21, Adam Seed <adamjseed at gmail.com> wrote:
>
> > Hi Alan,
> >
> > That same wiki says 'The ldap module can only work with PAP passwords
> since it needs to send the clear text user password to the LDAP server to
> authenticate the user.' I might be mis-understanding as im new to Radius,
> but that doesnt sound to positive. Anyway... I'm hoping to find a workaround
>
> For CHAP you need a copy of the password in cleartext. You then pull the
> cleartext password out of LDAP during authorize, and compare it with the
> CHAP-Password (after some hashing), with the PAP module in authenticate.
>
> Arran Cudbard-Bell <a.cudbardb at freeradius.org>
> FreeRADIUS Development Team
>
> FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
More information about the Freeradius-Users
mailing list