On Fri, 3 Feb 2006, Joey McDonald wrote:

I wonder why can't I just use an ldap bind to authenticate? I'm already
doing it to authorize.. seems like I should be able to do it to authenticate
as well.

           --joey


Because you don't have a password to do a simple bind with. During authorization, you are programming the username/password into radius.conf. So, ldap has a username/password to bind with. During authentication, if you use ldap, it uses the username/password that comes in the access-request to bind with. In this case, you don't have a user-password because you're doing CHAP.

Can you get your NAS to send over the Access-Request with a plaintext password (PAP)? Then it will work, just like it does when you use radclient.
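
Why a PAP request leaves the server with a password it can bind with while a CHAP request does not, as an added example that is not part of the original thread. The attribute encodings follow RFC 2865 sections 5.2 and 5.3; the function names, request dictionaries, shared secret and passwords are constructed for illustration.

```python
import hashlib
import hmac

def pap_encode(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """User-Password as the NAS sends it: XOR with an MD5 keystream (reversible)."""
    size = max(16, -(-len(password) // 16) * 16)   # pad to a multiple of 16 octets
    padded = password.ljust(size, b"\x00")
    out, prev = b"", authenticator
    for i in range(0, size, 16):
        mask = hashlib.md5(secret + prev).digest()
        prev = bytes(a ^ b for a, b in zip(padded[i:i + 16], mask))
        out += prev
    return out

def pap_decode(attr: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Server side: the shared secret recovers the plaintext password."""
    out, prev = b"", authenticator
    for i in range(0, len(attr), 16):
        mask = hashlib.md5(secret + prev).digest()
        out += bytes(a ^ b for a, b in zip(attr[i:i + 16], mask))
        prev = attr[i:i + 16]
    return out.rstrip(b"\x00")

def chap_response(ident: int, password: bytes, challenge: bytes) -> bytes:
    """CHAP-Password: ident octet + MD5(ident | password | challenge), one-way."""
    return bytes([ident]) + hashlib.md5(bytes([ident]) + password + challenge).digest()

def chap_verify(chap_password: bytes, challenge: bytes, stored_cleartext: bytes) -> bool:
    """Checking CHAP means recomputing the digest from a password the server
    already holds in cleartext; nothing in the request can be replayed as a bind."""
    expected = chap_response(chap_password[0], stored_cleartext, challenge)
    return hmac.compare_digest(chap_password, expected)

def bind_password(request: dict, secret: bytes):
    """Password usable for an LDAP simple bind, or None if the request has none."""
    if "User-Password" in request:
        return pap_decode(request["User-Password"], secret, request["authenticator"])
    return None   # CHAP-Password carries only a digest

# Constructed sample values, not taken from the thread.
SECRET = b"constructed-shared-secret"
AUTH = bytes(range(16))
PASSWORD = b"constructed-user-password-1"   # longer than 16 octets: two blocks
PAP_REQ = {"authenticator": AUTH, "User-Password": pap_encode(PASSWORD, SECRET, AUTH)}
CHAP_REQ = {"authenticator": AUTH, "CHAP-Challenge": AUTH,
            "CHAP-Password": chap_response(7, PASSWORD, AUTH)}
```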

