EAP-TTLS-PAP using LDAP for authorization and PAM for authentication

2008-09-28 Thread Erik Karlsson
Hello! I am trying to set up a simple WLAN authentication using EAP-TTLS to avoid client certificates and PAM to use the server system authentication scheme. PAM doesn't know about users, and the users are situated in an LDAP database, which I think makes it logical to use rlm_ldap for

Re: EAP-TTLS-PAP using LDAP for authorization and PAM for authentication

2008-09-28 Thread tnt
The problem is that PAM is never used. This seems to be an artifact of the fact that rlm_ldap is supposed to fetch a known good password, but I don't have passwords in the LDAP database. rlm_ldap is indeed successful in authorizing, but there is no Auth-Type set to handle the authentication. If

Re: EAP-TTLS-PAP using LDAP for authorization and PAM for authentication

2008-09-28 Thread Alan DeKok
Erik Karlsson wrote:
> I am trying to set up a simple WLAN authentication using EAP-TTLS to avoid client certificates and PAM to use the server system authentication scheme. PAM doesn't know about users, and the users are situated in an LDAP database, which I think makes it logical to use

Re: EAP-TTLS-PAP using LDAP for authorization and PAM for authentication

2008-09-28 Thread Erik Karlsson
Alan DeKok wrote:
> Why not also get the passwords from ldap? Why use PAM at all?

Because LDAP isn't a very good solution for handling passwords, IMO. I prefer Kerberos in its simplicity.

> If you want to use PAM, you have to force it via Auth-Type.

Thank you, the problem for me is that