Edvin Seferovic wrote: > before somebody yells "not again" - I just wish to ask if it is possible to > use MS-CHAP and CHAP authentication with a LDAP backend which contains > clear-text passwords as well as NT-Password ( used for MS-CHAP ) ??? Alan - > yes/no answer please :)
Read the web page: http://deployingradius.com/documents/protocols/compatibility.html If you're doing "bind as user" in LDAP, read this: http://deployingradius.com/documents/protocols/oracles.html > If positive - can somebody give me an example of attribute mapping to ldap > for both ( MS-CHAP and CHAP ) to work ? You don't do attribute mappings. See the "ldap" section in radiusd.conf, and look for "password_attribute". > My setup with LDAP as backend is working with a mapping of NT-Password to > sambaNTPassword like this : > > checkItem NT-Password sambaNTPassword > > MS-CHAP works just fine ! > > For CHAP I added > > password_header = "{clear}" > password_attribute = "userPassword" > password_radius_attribute = "User-Password" Where did that last line come from? > to the LDAP module configuration. But unfortunately chap module doesn't like > my clear-text password ( stored in userPassword ) for authentication :( How > else can I say CHAP where to look for the clear-text password. See the FAQ for "it doesn't work". Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
