Mike Richardson wrote: > I've been making changes for 8 hours a day for over a week so it might > differ from the original.
Which is a bit of a problem in and of itself. > However I been back to the defaults twice. As of > tomorrow I'll reinstall and try it again. From what you're saying I believe > I need to put in the LDAP config for our eDirectory and uncomment any LDAP > authorisation/authentication entries. Anything else? Not for LDAP. > Then I can use radtest to test the authentication? Yes. > How does the config know to use PAP rather than CHAP/MSCHAP? Because all of the experience of the developers working for years with RADIUS is distilled into the configuration files. > I've been through every config guide I can find on the net, several times. If it takes more than 10 minutes to get FreeRADIUS authenticating to LDAP, ask a question on the list. Honestly. It's *so* much better to get an answer on the list than to fight for a week... > It's only today though that I found a site which explained the limitations > of the PAP/CHAP/MSCHAP with respect to password encryptions. My deployingradius.com site? It has a number of resources. > Most guides > assume MSCHAP, for use with PEAP, and most use flat file user > authentication. Not many touch on LDAP and only Novell have eDirectory based > documentation. Of course. Only Novell understands how eDirectory works. For LDAP, buy the O'Reilly OpenLDAP book. It has a good section on getting OpenLDAP && FreeRADIUS to talk to each other. It's very quick... Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
