Alan DeKok wrote:
Rob Shepherd <[EMAIL PROTECTED]> wrote:
I'll use PAP (ldap auth)
Please don't. It makes everything harder.
OK.
LDAP is a database, not an authentication server. Have the server
read the clear-text password from LDAP, and the server will figure out
how to authenticate the user. Remove "ldap" from the "authenticate"
section. It's just not necessary.
No clear-text is stored in LDAP. I have MD5 in userPassword and the two
samba hashes.
The cisco kit, VPN concentrator and switches etc, supply a clear text
password at radius. I figured my only option was to PAP-to-LDAP.
Is there an alternative for this situation?
from the VPN concentrator but mschapv2 from the
wireless, as it'll go through a peap or eap-tls tunnel. I have NT and LM
hashes already in the LDAP, I just need to extract them...
And how I get the nt/lm hashes from ldap and do mschapv2..
ldap.attrmap, and the server will figure out what to do.
Thanks.
--
Rob Shepherd | Computer and Network Engineer | Technium CAST | LL57 4HJ
[EMAIL PROTECTED] | 01248 675024 | 07776 210516
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html