Alan DeKok wrote:
> Why not also get the passwords from ldap? Why use PAM at all?

Because LDAP isn't a very good solution for handling passwords, IMO. I
prefer Kerberos in its simplicity.

> If you want to use PAM, you have to force it via Auth-Type.

Thank you, the problem for me is that I don't know where to squeeze it
in. :)

> Because TTLS involves *two* authentication sessions. An outer one for
> EAP-TTLS, and an inner "tunneled" session where the real user-name &&
> password is sent.

I am starting to understand that now.

> Follow my web site (deployingradius.com) to get EAP-TTLS working.
> Once that's working, add LDAP authorization. Then, add PAM to the
> *inner* tunnel section.

I will.
Thank you!
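
A sketch of the layout described in this thread, as an added example that is not part of the original messages or taken from the FreeRADIUS distribution. It assumes a FreeRADIUS 2.x/3.x-style `sites-enabled/inner-tunnel` virtual server, module instances named `ldap` and `pam`, and PAP as the TTLS inner method, since PAM needs the cleartext password.

```conf
# sites-enabled/inner-tunnel  (assumed file layout; added example)
# Only the inner, tunneled session is shown. The outer EAP-TTLS session
# stays handled by the eap module and must not have Auth-Type forced to Pam.
server inner-tunnel {
    authorize {
        # Authorization only: look the user up in LDAP
        # (group membership, reply attributes). No password is read here.
        ldap

        # Force PAM for the inner session, but only when the tunnel
        # carries a cleartext User-Password (TTLS/PAP). PAM cannot
        # verify CHAP or MS-CHAP responses.
        if (User-Password) {
            update control {
                Auth-Type := Pam
            }
        }
    }

    authenticate {
        # Runs only when control:Auth-Type was set to Pam above;
        # the pam module hands the password to the PAM stack
        # (Kerberos in the poster's setup).
        Auth-Type Pam {
            pam
        }
    }
}
```

Run the server in debug mode after the change and confirm that the `pam` module appears only in the inner-tunnel request, not in the outer EAP-TTLS one.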