Eric Bourkland wrote:
> What would be the best solution since FreeRADIUS currently can't get the 
> password out of my OpenLDAP unless it is using PAP, it gets the password in 
> the request via PEAP.

  PEAP doesn't work that way.  Blame Microsoft.

>  I would like to avoid having to tell everyone with a Windows client that 
> they need to install SecureW2.

  Then fix your LDAP server so that it supplies the password.  OpenLDAP
*can* do this, and it shouldn't be too hard.  See the OpenLDAP
documentation for instructions.

> What would be nice is if it was smart enough to receive the request in 
> multiple formats/protocols and then translate it into multiple 
> formats/protocols to query out to flat file/DB/LDAP or AD instead of just 
> passing the request along.

  That is completely and totally impossible.  Sorry.

http://deployingradius.com/documents/protocols/compatibility.html

>  Although there is the risk of something getting messed up with scripts 
> converting protocols and there are probably a million different scenarios out 
> there.  Maybe I'm missing something since I'm still new to RADIUS.

  It's impossible.  It's designed to be impossible by the people who
created the various protocols.

  FreeRADIUS does *everything* it can to be compatible with everything,
and to do what you say.  But some things are just impossible.

> Is the easiest thing to do to monkey with the OpenLDAP schema and add some 
> cleartext password attributes?  If I get this done is there some place in one 
> of the config files that I need to update to look for a particular password 
> attribute when RADIUS tries to do the authentication or does it figure it out 
> for itself?

  The password should go into the userPassword field in LDAP.
FreeRADIUS will then Just Work.

> I have been beating my head against a wall for about a week on this and the 
> documentation mocks me by always saying it just works.

  It does, if you give FreeRADIUS a password that can be used for
authentication.

  Your LDAP server isn't giving FreeRADIUS a password.  There is no
amount of playing with FreeRADIUS that will make the LDAP server give
FreeRADIUS a password.

  Fix your LDAP server.

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
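
Why the stored form of the password decides which methods can work, as an added example that is not part of the original message. It uses CHAP (RFC 1994) rather than PEAP's inner MS-CHAPv2 so that it runs on the Python standard library alone; in both cases the server has to recompute the client's response from a secret it holds. The function names, password, salt and challenge are constructed for illustration.

```python
import base64
import hashlib
import hmac

def parse_user_password(value):
    """Split an LDAP userPassword value into (SCHEME, payload)."""
    if value.startswith("{") and "}" in value:
        scheme, payload = value[1:].split("}", 1)
        return scheme.upper(), payload
    return "CLEARTEXT", value

def make_ssha(password, salt):
    """Build a salted-SHA1 value: base64(SHA1(password + salt) + salt)."""
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

def check_pap(stored, supplied):
    """PAP hands the server the password itself, so a hashed form can still be checked."""
    scheme, payload = parse_user_password(stored)
    if scheme == "CLEARTEXT":
        return hmac.compare_digest(payload.encode(), supplied.encode())
    if scheme == "SSHA":
        raw = base64.b64decode(payload)
        digest, salt = raw[:20], raw[20:]
        candidate = hashlib.sha1(supplied.encode() + salt).digest()
        return hmac.compare_digest(candidate, digest)
    raise ValueError("scheme not handled in this example: " + scheme)

def chap_response(ident, password, challenge):
    """RFC 1994 response: MD5(ID || secret || challenge)."""
    return hashlib.md5(bytes([ident]) + password.encode() + challenge).digest()

def check_chap(stored, ident, challenge, response):
    """CHAP sends only a digest; the server must recompute it from the cleartext.
    Returns None when the stored form makes that impossible."""
    scheme, payload = parse_user_password(stored)
    if scheme != "CLEARTEXT":
        return None  # a one-way hash cannot be fed into MD5(ID || secret || challenge)
    return hmac.compare_digest(chap_response(ident, payload, challenge), response)

if __name__ == "__main__":
    password = "s3cret-constructed"          # constructed sample value
    challenge = bytes(range(16))             # constructed 16-byte challenge
    hashed = make_ssha(password, b"\x01\x02\x03\x04")
    answer = chap_response(7, password, challenge)
    print("PAP  vs {SSHA}:   ", check_pap(hashed, password))
    print("CHAP vs cleartext:", check_chap(password, 7, challenge, answer))
    print("CHAP vs {SSHA}:   ", check_chap(hashed, 7, challenge, answer))
```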