On Fri, 8 Oct 2004 [EMAIL PROTECTED] wrote:

> Hi all,
>
> I searched archives and most of doc directory of freeradius, but couldn't
> find the answer.
>
> What I want to achieve - I want to have user authentication LDAP server with
> ntpassword/lmpassword for PEAP-MSCHAPv2 and have MD5 userpassword attribute
> in LDAP for all the other authentication services we want to provide (vpn
> dialin , etc ... )
>
> I have read that I have to map radius-userpassword to LDAP password
> attribute, so my question is, is there any way to configure freeradius to
> check first against ntpassword and if this fails to check again
> against userpassword attribute of LDAP ?
>
> or do you recommend any other solution for this (maybe something based on
> huntgroup) ? I have seen a thread that different LDAP servers could be
> selected based on the NAS IP address, is it also possible to have different
> attribute mappings between LDAP and Freeradius based on NAS IP Address or
> any other attribute in Access-Request ?
>
> I know simplest solution would be to have clear-text passwords in
> userpassword of LDAP, but I think from a security point of view we won't go
> this way.

Just use the default configuration as it is. By default rlm_ldap will map
ntPassword to NT-Password and lmPassword to LM-Password (as can be found by a
quick look at ldap.attrmap), so PEAP-MSCHAPv2 will work out of the box. You can
just do ldap authentication for the rest of the services which will use the md5
encrypted userpassword attribute (actually it will perform an ldap bind).

Hope this helps.

>
> So any hints would be great
> regards
> Michael

--
Kostas Kalevras         Network Operations Center
[EMAIL PROTECTED]       National Technical University of Athens, Greece
Work Phone:             +30 210 7721861
'Go back to the shadow' Gandalf
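
The layout the reply describes, as an added sketch that is not part of the original thread: the two ldap.attrmap lines it refers to, and a radiusd.conf arrangement in which ldap runs in authorize to fetch the hashes while an LDAP bind serves the remaining services. Section and module names follow the stock FreeRADIUS 1.x files as an assumption; compare against your own raddb directory.

```conf
# ldap.attrmap  (format: ItemType  RADIUS-attribute  LDAP-attribute)
# These two lines are the mapping the reply refers to.
checkItem    LM-Password    lmPassword
checkItem    NT-Password    ntPassword

# radiusd.conf  (assumed stock 1.x section layout)
authorize {
    preprocess
    mschap      # marks requests that carry MS-CHAP attributes
    eap         # handles the EAP / PEAP conversation
    ldap        # looks the user up; ntPassword/lmPassword become
                # NT-Password/LM-Password check items via ldap.attrmap
}

authenticate {
    Auth-Type MS-CHAP {
        mschap  # PEAP-MSCHAPv2: verified against NT-Password from LDAP
    }
    Auth-Type LDAP {
        ldap    # other services: bind to the directory as the user, so
                # the LDAP server checks the hashed userPassword itself
    }
    eap
}

# Assumption: Auth-Type LDAP still has to be selected for the non-MSCHAP
# requests (for example by a users-file entry); the thread does not say how.
```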
