--- Kostas Kalevras <[EMAIL PROTECTED]> wrote:
> On Thu, 18 Mar 2004, David Dunn wrote:
>
> > Dear all,
> >
> > I'm a newbie to FR so please bear with me.
> >
> > I'm doing TTLS for wireless access. The wireless client is
> > Alfa-Ariss SecureW2 with Netscape LDAP as backend (passwords are
> > SHA encrypted). FR is CVS snapshot-20040308 running on RH9.
> >
> > I planned to retrieve the encrypted password from LDAP. During the
> > final stage of the TTLS authentication use PAP module to encrypt
> > the cleartext password from SecureW2 into SHA hash and compare with
> > the retrieved one.
> >
> > But what actually happens is that FR indicates it found
> > 'Auth-Type LDAP' during the final stage (request 5 in my debug) and
> > proceeds to use LDAP for user password authentication; since I
> > didn't enable LDAP for authentication, it failed.
> >
> > If I enable LDAP for authentication, it works. A successful bind to
> > LDAP will authenticate the user. But cleartext password is used and
> > I would rather avoid it.
> >
> > So how can I use PAP for password authentication or is it not
> > possible?
>
> You need to set Auth-Type in the users file. Since you don't, the
> ldap module sets it to LDAP.

OK I understand, but what Auth-Type should I set in the users file?

It shouldn't be LDAP (I'll end up where I started). Nor PAP, as the
password is not available before the EAP-TLS tunnel has been
established and authentication will fail. Set to EAP, once the
password is sent through the TLS tunnel FR still expected EAP
authentication and it failed.

Suggestions?

Thanks.

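The comparison described in the original question (hash the cleartext password received through the TTLS tunnel and compare it with the value retrieved from LDAP), as an added example that is not part of the thread and not FreeRADIUS code. It assumes the directory stores userPassword in the `{SHA}` or salted `{SSHA}` format; the function names and sample passwords are hypothetical.

```python
import base64
import hashlib
import hmac
import os

SHA1_LEN = 20  # size of a raw SHA-1 digest in bytes


def make_ldap_hash(cleartext: str, salt: bytes = b"") -> str:
    """Build a {SHA} (no salt) or {SSHA} (salted) value, used for sample data."""
    digest = hashlib.sha1(cleartext.encode("utf-8") + salt).digest()
    scheme = "{SSHA}" if salt else "{SHA}"
    return scheme + base64.b64encode(digest + salt).decode("ascii")


def check_ldap_sha(cleartext: str, stored: str) -> bool:
    """Return True if cleartext matches a stored {SHA}/{SSHA} value."""
    scheme, sep, b64 = stored.partition("}")
    if not sep or not scheme.startswith("{"):
        raise ValueError("missing {SCHEME} prefix")
    scheme = scheme[1:].upper()
    if scheme not in ("SHA", "SSHA"):
        raise ValueError("unsupported scheme: " + scheme)
    try:
        raw = base64.b64decode(b64, validate=True)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise ValueError("stored value is not valid base64") from exc
    # {SHA} is exactly one digest; {SSHA} is the digest followed by the salt.
    if len(raw) < SHA1_LEN or (scheme == "SHA" and len(raw) != SHA1_LEN):
        raise ValueError("malformed digest length")
    digest, salt = raw[:SHA1_LEN], raw[SHA1_LEN:]
    candidate = hashlib.sha1(cleartext.encode("utf-8") + salt).digest()
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(candidate, digest)


if __name__ == "__main__":
    # Constructed sample values, not taken from any real directory.
    unsalted = make_ldap_hash("s3cret")
    salted = make_ldap_hash("s3cret", os.urandom(8))
    for stored in (unsalted, salted):
        print(stored, check_ldap_sha("s3cret", stored),
              check_ldap_sha("wrong", stored))
```

The check needs the cleartext password on the server side, which is why it can only run on the inner request after the TLS tunnel is up.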