Peter Foreman <[EMAIL PROTECTED]> wrote:
> Probably because you need the PLAIN TEXT password to be able to use chap.  I
> guess you're using cryptpass in ldap, which is why chap won't work.

  Not only that, but the code does:

  ld_user = ldap_connect(instance, user_dn, request->password->strvalue,
                               1, &res);

  i.e. it tries to authenticate to the LDAP server as the user.
 
> I'm not sure how to do this with the rlm_ldap module though, will need to
> check on that.  Maybe somebody else has a solution for it or has experience
> in using chap & ldap?

  If you're using LDAP in the 'authorize' section, you can just have
it add the plain-text password to the list of config items.  The main
server core (src/main/auth.c) will take care of doing chap/pap
authentication, if no other Auth-Type is specified.

  That is, if it has a password (chap/pap) from the RADIUS packet, and
it has a plain-text password from the config items, and there's no
Auth-Type set, it just does chap/pap authentication using the given
password.

  Alan DeKok.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
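
The following is an added example, not part of the original message and not FreeRADIUS code. It sketches why CHAP verification needs the plain-text password (the response is MD5 over identifier, secret and challenge per RFC 1994) and models the fallback described above. The function names, the `plain-text-password` key and all sample values are assumptions constructed for illustration.

```python
import hashlib
import hmac

def chap_response(ident: int, secret: bytes, challenge: bytes) -> bytes:
    # RFC 1994: response = MD5(identifier || secret || challenge)
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()

def check_chap(chap_password: bytes, challenge: bytes, stored: bytes) -> bool:
    # RADIUS CHAP-Password = 1-byte CHAP identifier + 16-byte response (RFC 2865)
    if len(chap_password) != 17:
        return False
    expected = chap_response(chap_password[0], stored, challenge)
    return hmac.compare_digest(chap_password[1:], expected)

def authenticate(request: dict, config_items: dict) -> str:
    # Hypothetical model of the fallback: password in the packet, plain-text
    # password in the config items, and no Auth-Type set.
    if "Auth-Type" in config_items:
        return "handled-by-" + config_items["Auth-Type"]
    stored = config_items.get("plain-text-password")  # assumed key name
    if stored is None:
        return "reject"
    if "CHAP-Password" in request:
        ok = check_chap(request["CHAP-Password"], request["CHAP-Challenge"], stored)
    elif "User-Password" in request:  # PAP value, already decoded from the packet
        ok = hmac.compare_digest(request["User-Password"], stored)
    else:
        ok = False
    return "accept" if ok else "reject"

# Constructed sample data, not taken from any real directory or capture.
PLAIN = b"constructed-password"
HASHED = b"{crypt}constructed-hash-value"  # stands in for a hashed LDAP value
CHALLENGE = bytes(range(16))
CHAP_REQUEST = {"CHAP-Password": bytes([7]) + chap_response(7, PLAIN, CHALLENGE),
                "CHAP-Challenge": CHALLENGE}

def demo() -> dict:
    return {
        "chap_with_plain_text": authenticate(CHAP_REQUEST, {"plain-text-password": PLAIN}),
        # The server can only feed the hash into MD5, so the digests never match.
        "chap_with_hashed_value": authenticate(CHAP_REQUEST, {"plain-text-password": HASHED}),
        "pap_with_plain_text": authenticate({"User-Password": PLAIN}, {"plain-text-password": PLAIN}),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(case, "->", result)
```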
