Rob Shepherd <[EMAIL PROTECTED]> wrote: > I'll use PAP (ldap auth)
Please don't. It makes everything harder. LDAP is a database, not an authentication server. Have the server read the clear-text password from LDAP, and the server will figure out how to authenticate the user. Remove "ldap" from the "authenticate" section. It's just not necessary. > from the VPN concentrator but mschapv2 from the > wireless, as it'll go through a peap or eap-tls tunnel. I have NT and LM > hashes already in the LDAP, I just need to extract them... See ldap.attrmap. > Could I get a pointers on how I command the right auth type for the > right device. You don't. You supply the server with passwords, and it figure out what to do. > And how I get the nt/lm hashes from ldap and do mschapv2.. ldap.attrmap, and the server will figure out what to do. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
