TTLS-PAP and LDAP for google - User-Password? Cleartext-Password?
little-nemo at virgilio.it
little-nemo at virgilio.it
Thu Nov 23 11:49:02 UTC 2023
Hello to you,
my freeradius 3.2.1 is already auth/authorizing through Active Directory and I'm trying to add a second auth/autz source (google) to the configuration.
I'm using the google-related freeradius templates.
I'm following the google documentation: https://support.google.com/a/answer/9089736?hl=en&ref_topic=9173976&sjid#zippy=%2Cfreeradius
but I'm finding something that don't match with the rlm_pap official documentation. Actually, I'm not able to authenticate.
In particular, the google documentation reports:
/etc/freeradius/3.0/sites-available/default -> authorize
...
if (User-Password) {
update control {
Auth-Type := ldap
}
}
...
BUT in an older post I read that you have to set Cleartext-Password (see: https://freeradius-users.freeradius.narkive.com/jbibA0Uf/pap-warning-authentication-will-fail-unless-a-known-good-password-is-available#post1).
Moreover, in the rlm_pap docs, I don't see User-Password as an Attribute.
Should I avoid the google how-to? I chose it because it seemed a clear step-by-step procedure to follow, but if it contains mistakes I'll abandon it.
Does anyone know another tutorial for such a configuration?
I'd also need to understand what should I add in the "inner" config.
Thanks again for your support, Pietro.
More information about the Freeradius-Users
mailing list