EAP-TTLS not working
Marlen Caemmerer
caemmerer at ash-berlin.eu
Fri Oct 28 15:07:40 CEST 2016
Hello,
On 2016-10-28 13:06, Matthew Newton wrote:
> On Fri, Oct 28, 2016 at 12:58:38PM +0200, Marlen Caemmerer wrote:
>> On 2016-10-27 14:14, Alan DeKok wrote:
>>> Because MS-CHAPv2 doesn't supply a password.
>>>
>>> The simple answer is that you should give the password to FreeRADIUS, and let FreeRADIUS authenticate the user. You shouldn't write a Perl script to do the authentication.
>>
>> What would you recommend to let FreeRadius authenticate the user? LDAP
>> or users file or something else?
>
> That totally depends on where your usernames/passwords are
> actually stored.
>
> i.e. where is your perl script looking?

Basically the perl script is querying a service that just returns if the
user/password is correct or not.
It queries LDAP but I don't need to specify any additional rights on the
LDAP server to make Radius able to connect to the LDAP.
I guess this would require read permissions for the user/password
fields.

If this page here is still current
http://deployingradius.com/documents/protocols/compatibility.html [1]
I'd have to go for TTLS-PAP only anyway even if the LDAP was connected
directly.

With kind regards
Marlen Caemmerer
--
************************************************
Alice Salomon Hochschule
Computerzentrum
Marlen Caemmerer
Alice-Salomon-Platz 5
12627 Berlin
Email: caemmerer at ash-berlin.eu
************************************************
Links:
------
[1] http://deployingradius.com/documents/protocols/compatibility.html
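
The point made in this thread, that a challenge-response method does not hand the server a password it could pass to a yes/no checking service while PAP inside the TTLS tunnel does, shown as an added example that is not part of the original message or of FreeRADIUS. It uses plain CHAP (RFC 1994, MD5) as a simpler stand-in for MS-CHAPv2, which has the same property but is built on the NT hash; the user, password and function names are constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample data: the backend only answers yes/no for a
# (user, password) pair, like the LDAP-backed service described above.
_DIRECTORY = {"alice": "correct horse"}  # hypothetical user and password


def oracle_check(user, password):
    """Yes/no password check (stand-in for the service the Perl script queries)."""
    stored = _DIRECTORY.get(user)
    if stored is None:
        return False
    return hmac.compare_digest(stored.encode(), password.encode())


def pap_authenticate(user, password):
    """PAP inside the TTLS tunnel: the server receives the password itself,
    so it can forward it to the yes/no service unchanged."""
    return oracle_check(user, password)


def chap_response(ident, password, challenge):
    """What a CHAP client sends: MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([ident]) + password.encode() + challenge).digest()


def chap_authenticate(ident, challenge, response, known_password=None):
    """Challenge-response: the server sees only a digest, never the password.

    It has to recompute the digest from a password it can read itself.
    Returns None when it has no such password, because there is nothing
    it could hand to oracle_check().
    """
    if known_password is None:
        return None
    expected = chap_response(ident, known_password, challenge)
    return hmac.compare_digest(expected, response)


if __name__ == "__main__":
    challenge = bytes(range(16))  # constructed 16-byte challenge
    resp = chap_response(1, "correct horse", challenge)
    print("PAP via yes/no service:", pap_authenticate("alice", "correct horse"))
    print("CHAP via yes/no service:", chap_authenticate(1, challenge, resp))
    print("CHAP with readable password:",
          chap_authenticate(1, challenge, resp, known_password="correct horse"))
```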