If you want to store sha encrypted passwords you restrict yourself to (EAP-TTLS) PAP. You can't do EAP-MD5 with them or use ldap "bind as user" for anything that's not a PAP (cleartext) request. So, the advice you were given still stands.
http://deployingradius.com/documents/protocols/compatibility.html
http://deployingradius.com/documents/protocols/oracles.html

Ivan Kalik
Kalik Informatika ISP

On 9/4/2008, "antoine vallée" <[EMAIL PROTECTED]> wrote:

>
>Hi,
>
>Does anybody know if ldap can make the authentication by itself instead of
>radius? Because my passwords are stored in sha in the ldap database, and I really
>need to do md5. Certs can't be used because it needs a PKI and it's not
>possible, as well as eap-ttls because it requires securew2 (there's no
>eap-ttls module natively in windows) and we can't force visitors to install a
>software in order to have access to some local resources.
>So the only solution is eap-md5...
>I've heard something about ldap, that maybe it's possible to give the
>cleartext password to the ldap, then the ldap will find the sha password and
>return to the radius server a message for the authentication.
>Is this possible? If so, how can I do that?
>Because last time, I've been told that the only solution to do login/pwd
>authentication was eap-ttls+securew2 (for xp) or to store my password in
>cleartext in the ldap database.. but they're both inappropriate.
>
>any ideas on the subject?
>
>Thanks,
>
>Antoine.
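Added example, not part of the original thread and not FreeRADIUS code: a sketch of why a {SHA} password in LDAP works for PAP but not for EAP-MD5. The function names and the sample password are constructed for illustration; the EAP-MD5 response follows the CHAP formula MD5(id || secret || challenge).

```python
import base64
import hashlib
import hmac
import os


def ldap_sha(password: bytes) -> str:
    """LDAP {SHA} userPassword value: base64 of the unsalted SHA-1 digest."""
    return "{SHA}" + base64.b64encode(hashlib.sha1(password).digest()).decode()


def pap_verify(cleartext: bytes, stored: str) -> bool:
    # PAP hands the server the cleartext password, so the server can hash it
    # the same way the directory did and compare the two values.
    return hmac.compare_digest(ldap_sha(cleartext), stored)


def eap_md5_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    # What the client sends back: MD5(id || secret || challenge).
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


def eap_md5_verify(identifier: int, challenge: bytes, response: bytes,
                   server_secret: bytes) -> bool:
    # The server never sees the password; it must recompute the response
    # from whatever it has stored for the user.
    expected = eap_md5_response(identifier, server_secret, challenge)
    return hmac.compare_digest(expected, response)


def demo() -> dict:
    password = b"constructed-sample-password"   # constructed sample value
    stored = ldap_sha(password)                 # what the directory holds
    ident, challenge = 7, os.urandom(16)
    response = eap_md5_response(ident, password, challenge)  # client side
    sha_digest = base64.b64decode(stored[len("{SHA}"):])
    return {
        # Server gets cleartext over PAP and checks it against the hash.
        "pap_with_sha": pap_verify(password, stored),
        # Server has the cleartext stored: it can recompute the response.
        "eap_md5_with_cleartext": eap_md5_verify(ident, challenge, response, password),
        # Server has only the SHA-1 digest: the recomputed value never matches.
        "eap_md5_with_sha_digest": eap_md5_verify(ident, challenge, response, sha_digest),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```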

