On Wed, 18 Feb 2004, Jean-Paul Chapalain wrote: > Hi Alan, > > Alan DeKok wrote: > > Jean-Paul Chapalain <[EMAIL PROTECTED]> wrote: > > > >>After many tests, for me the only "EAP methods" that run with Ldap is > >>EAP/TTLS (PAP) (SecureW2 client). > >>I suppose that all other methods use MS-CHAP(LEAP) or MS-CHAPV2(PEAP) > >>and freeradius can retreive clair password for Ldap bind. > > > > > > Then don't bind as the user to LDAP. Use LDAP to retreive the > > clear-text password. > > Could you say me how to retreive clear-text password from Ldap with > FreeRadius ?
Please see doc/rlm_ldap and the list archives. This has been answered lots and lots of times. In general just play with the password_attribute and password_header attributes, place rlm_ldap in the authorize section, make sure that the eap module ends up handling the authentication phase and not rlm_ldap and you 're ok. > > > > > There are other people using LDAP with PEAP. > > With a same config, EAP/TTLS is working with Ldap when EAP/LEAP or > EAP/PEAP is working only with local User-Password ! > > I'm interested for a sample of EAP/LEAP or EAP/PEAP config working with > Ldap Backend. The default config should work with just uncommenting password_attribute and password_header and setting them to the correct values which correspond to your environment. Nothing more should be required. > > > > Alan DeKok. > > > > - > > Thanks, > Jean-Paul. > -- Jean-Paul Chapalain - GICM - Resp. Reseaux et Infrastructure > -- 32 rue Mirabeau - Le Relecq-Kerhuon - 29808 Brest Cedex 9, FRANCE > -- Tel +33298002873 - Fax +33298284005 - [EMAIL PROTECTED] > -- Key Fingerprint: 192C 1CFE F24A 050D F280 A086 AF15 8631 3ABB 4C7D > -- Kostas Kalevras Network Operations Center [EMAIL PROTECTED] National Technical University of Athens, Greece Work Phone: +30 210 7721861 'Go back to the shadow' Gandalf - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html