On Fri, Feb 27, 2009 at 6:32 PM, <[email protected]> wrote: >>So in short if I want to do "bind as user" in PEAP-GTC, I can't >>combine it with other authentication methods (like pam)? Too bad. > > Why is it "too bad". Just don't use "bind as user". You should avoid
The LDAP server I'm authenticating against is Lotus Domino, which stores user password in a Lotus-specific encryption. The only way to use freeradius to authenticate against it is with "bind as user". > using methods where Auth-Type is forced. They are very difficult to > combine with other methods. Yeah. The thing that I don't get yet is why on normal radius packet (without PEAP-GTC) I don't have to set Auth-Type explicitly, yet the ldap module can use either user password stored in LDAP or bind as user. With gtc on the other hand, I have to FORCE gtc to use Auth-Type LDAP. I was hoping that with gtc set to pap the inner-tunnel can use multiple modules to authenticate, including bind as user when using LDAP. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
