At 04:27 on 15.05.05, Chan Min Wai wrote:
> I'm working with freeradius that is running EAP auth; the account info is
> with the LDAP server.
> Just want to know what kind of rights freeradius needs to have on
> the LDAP server so that the ACL on the LDAP server can be controlled.
>
> Also, I'm a bit confused about the password on LDAP: do we need to "READ"
> it or do we just have to AUTH with it?

If you want to use any CHAP-like authentication method, Freeradius needs a) READ access (through some sort of proxy user) and b) clear text passwords.

If you want to use EAP-TTLS, you just need AUTH, but you cannot use MSCHAPv2 and are forced to do something else, like PAP (which is no problem inside a TTLS "tunnel").

Regards, Sven.

-- 
Sven Hartge -- professional Unix geek
My thoughts on the net: http://sven.formvision.de/blog/
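Added example, not part of the original thread: a Python sketch of why a CHAP-style check needs the clear text password on the server while PAP does not. It uses the CHAP response formula from RFC 1994; the `{SSHA}` storage scheme, the function names and all sample values are assumptions made for illustration, and the local hash comparison stands in for the check the directory performs when you AUTH (bind) with the password.

```python
import base64
import hashlib
import hmac


def chap_response(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 CHAP response: MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()


def chap_verify(secret: bytes, ident: int, challenge: bytes, resp: bytes) -> bool:
    """The server must recompute the response, so it needs the secret itself."""
    return hmac.compare_digest(chap_response(ident, secret, challenge), resp)


def ssha(password: bytes, salt: bytes) -> str:
    """Salted SHA-1 in the {SSHA} userPassword layout (assumed storage scheme)."""
    digest = hashlib.sha1(password + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()


def pap_verify(stored: str, candidate: bytes) -> bool:
    """PAP hands over the password, so it can be checked against a stored hash."""
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]
    return hmac.compare_digest(hashlib.sha1(candidate + salt).digest(), digest)


def demo() -> dict:
    # Constructed sample values, fixed so the result is reproducible.
    password = b"correct horse"
    salt = bytes(range(4))
    challenge = bytes(range(16))
    ident = 7
    stored = ssha(password, salt)                       # what a hashed entry holds
    resp = chap_response(ident, password, challenge)    # what the client sends
    return {
        # Server can read the clear text password: CHAP verifies.
        "chap_with_cleartext": chap_verify(password, ident, challenge, resp),
        # Server only has the hash: the MD5 input differs, CHAP cannot verify.
        "chap_with_hash_only": chap_verify(stored.encode(), ident, challenge, resp),
        # PAP inside the TTLS tunnel: the hash is enough.
        "pap_with_hash_only": pap_verify(stored, password),
        "pap_wrong_password": pap_verify(stored, b"wrong"),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```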