On Wed, 6 Feb 2002, Matthew Schumacher wrote: > Hello all, > > I am having trouble getting radius to work with ldap. I think I have > the config file setup corretly because I see ldap requests in the debug. > > I want to use pap and {crypt} for password encryption and accourding to > the docs that should work. But I can't seem to get it working in my > lab. Can anyone provide a sample ldif file that I could look at? > > I would prefer for radius to bind as the user to get the attributes and > authenticate. It seems that this should work if I disable the identity > option in the ldap module.
Well, actually if the identity/password options are set to NULL the module will connect to the server anonymously. What you are asking for cannot happen because that is not the way the module works. The module maintains persistent connections to the ldap server which it uses to query the server for user attributes. It will make a new connection *only* to authenticate the user through an ldap operation. Binding as the user will mean that the module will do the authentication before the authorization which is not the way things work in freeradius. It will also mean rewriting a big part of the module and destroying performance so i don't think it can happen. -- Kostas Kalevras Network Operations Center [EMAIL PROTECTED] National Technical University of Athens, Greece Work Phone: +30 10 7721861 'Go back to the shadow' Gandalf - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html