Chris,
Chris Parker wrote:
> At 11:22 AM 3/21/2002 -0500, Shawn O'Shea wrote:
>
>> >
>> > > Wed Mar 20 15:35:57 2002 : Auth: Login incorrect:
>> > > [{ed: whatever username -sko}/<CHAP-Password>] (from nas
>> > > UNKNOWN-NAS port 0 cli 8475061520)
>> > >
>> > > If I use just User-Password, this works like a dream. Any suggestions?
>> >
>> > Don't use CHAP.
>>
>> Ok, well the UUNET docs state that I can use PAP or CHAP. Here's what
>> their doc says about it though:
>>
>> Although the Reseller may not be using CHAP, they must configure their
>> RADIUS server to respond to a CHAP request by requesting PAP
>> authentication after declining CHAP. This is done during the LCP phase of
>> creating a PPP session.
>>
>> Is this doable in freeradius?
>
The qmail-ldap (<http://www.nrg4u.com>) code (actually IIRC it's the
auth code) supports 2 methods of LDAP auth. One method attempts to
bind to the directory as the user, which is what it sounds like
FreeRADIUS does. The other method is to bind to the directory as a
privileged user (one who has access to all user attributes), crypt what
the client handed you and compare it to userPassword.
It may be possible to implement the second method in FreeRADIUS and use
it for LDAP/CHAP auth. Comments?
Cheers,
Mike
--
Mike Cathey - http://www.mikecathey.com/
Network Administrator
RTC Internet - http://www.catt.com/
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
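
Added example (not part of the original message, and not FreeRADIUS or qmail-ldap code): a sketch of what a server has to compute for each request type in this thread. Per RFC 1994 the CHAP response is MD5 over the CHAP id, the secret and the challenge, so the check is run against the cleartext secret, while PAP delivers the password itself and can be hashed and compared. Function names and sample values are constructed, and salted SHA-256 stands in for crypt().

```python
import hashlib
import hmac


def chap_response(chap_id: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994: response = MD5(id || secret || challenge)."""
    return hashlib.md5(bytes([chap_id]) + secret + challenge).digest()


def verify_chap(chap_password: bytes, challenge: bytes, stored_secret: bytes) -> bool:
    """RADIUS CHAP-Password is the 1-byte CHAP id followed by the 16-byte response."""
    if len(chap_password) != 17:
        return False
    chap_id, response = chap_password[0], chap_password[1:]
    expected = chap_response(chap_id, stored_secret, challenge)
    return hmac.compare_digest(response, expected)


def verify_pap(submitted: bytes, stored_hash: bytes, salt: bytes) -> bool:
    """PAP hands over the password, so hash-and-compare against the directory works."""
    candidate = hashlib.sha256(salt + submitted).digest()  # stand-in for crypt()
    return hmac.compare_digest(candidate, stored_hash)


def demo() -> dict:
    # Constructed sample values, not taken from the thread.
    password = b"constructed-password"
    salt = b"constructed-salt"
    stored_hash = hashlib.sha256(salt + password).digest()  # what userPassword would hold
    challenge = bytes(range(16))
    chap_id = 7
    chap_password = bytes([chap_id]) + chap_response(chap_id, password, challenge)
    return {
        # PAP request checked against the hashed directory value
        "pap_vs_hash": verify_pap(password, stored_hash, salt),
        # CHAP request checked against a cleartext secret
        "chap_vs_cleartext": verify_chap(chap_password, challenge, password),
        # CHAP request checked with only the hashed value available
        "chap_vs_hash": verify_chap(chap_password, challenge, stored_hash),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```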