Re: FW: MS-CHAP-v2 and CHAP with different passwords in LDAP

2007-12-08 Thread Alan DeKok
Edvin Seferovic wrote:
> before somebody yells not again - I just wish to ask if it is possible to
> use MS-CHAP and CHAP authentication with an LDAP backend which contains
> clear-text passwords as well as NT-Password ( used for MS-CHAP ) ??? Alan -
> yes/no answer please :)

  Read the web page:

http://deployingradius.com/documents/protocols/compatibility.html

  If you're doing bind as user in LDAP, read this:

http://deployingradius.com/documents/protocols/oracles.html

> If positive - can somebody give me an example of attribute mapping to ldap
> for both ( MS-CHAP and CHAP ) to work ?

  You don't do attribute mappings.  See the ldap section in
radiusd.conf, and look for password_attribute.

> My setup with LDAP as backend is working with a mapping of NT-Password to
> sambaNTPassword like this :
>
> checkItem   NT-Password sambaNTPassword
>
> MS-CHAP works just fine !
>
> For CHAP I added
>
> password_header = {clear}
> password_attribute = userPassword
> password_radius_attribute = User-Password

  Where did that last line come from?

> to the LDAP module configuration. But unfortunately chap module doesn't like
> my clear-text password ( stored in userPassword ) for authentication :( How
> else can I say CHAP where to look for the clear-text password.

  See the FAQ for "it doesn't work".

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


RE: FW: MS-CHAP-v2 and CHAP with different passwords in LDAP

2007-12-08 Thread Edvin Seferovic
> http://deployingradius.com/documents/protocols/compatibility.html

Read it !

> If you're doing bind as user in LDAP, read this:

Nope - just using LDAP as storage and accessing it with a privileged user
that has R/O access to the user profiles

> You don't do attribute mappings.  See the ldap section in
> radiusd.conf, and look for password_attribute.

Okay - did that now. MS-CHAP still working. Voila - CHAP works as well !

>> password_header = {clear}
>> password_attribute = userPassword
>> password_radius_attribute = User-Password

> Where did that last line come from?

http://wiki.freeradius.org/Rlm_ldap from here ! Wasn't sure if that was
the right one for me.

> See the FAQ for "it doesn't work".

My FAQ says "Find the typo and go to sleep" :)

Thanks Alan !

Kind regards,
E:S
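
Why the chap module needs the clear-text userPassword while MS-CHAP can work from sambaNTPassword, as an added example that is not part of the original thread and not FreeRADIUS code: the CHAP response is an MD5 over the secret itself (RFC 1994), so it cannot be recomputed from a hash of that secret. The function names, sample password, challenge and the stand-in NT hash are constructed for illustration, and `strip_header` only models the effect of `password_header`.

```python
import hashlib
import hmac

def strip_header(stored: str, header: str = "{clear}") -> str:
    # Models the effect of password_header: drop the prefix if it is present.
    return stored[len(header):] if stored.startswith(header) else stored

def chap_response(chap_id: int, secret: bytes, challenge: bytes) -> bytes:
    # RFC 1994: response = MD5(identifier || secret || challenge)
    return hashlib.md5(bytes([chap_id]) + secret + challenge).digest()

def verify_chap(chap_password: bytes, challenge: bytes, stored: str) -> bool:
    # RADIUS CHAP-Password value: 1-byte identifier followed by the 16-byte response.
    if len(chap_password) != 17:
        return False
    chap_id, received = chap_password[0], chap_password[1:]
    expected = chap_response(chap_id, strip_header(stored).encode(), challenge)
    return hmac.compare_digest(expected, received)

# Constructed sample data (not taken from the thread).
PASSWORD = "s3cret-example"
CHALLENGE = bytes(range(16))
CHAP_ID = 0x2A
# What arrives in the Access-Request: the peer hashed its clear-text password.
CHAP_PASSWORD = bytes([CHAP_ID]) + chap_response(CHAP_ID, PASSWORD.encode(), CHALLENGE)
# Constructed stand-in for a sambaNTPassword value; not a real hash of PASSWORD.
NT_HASH_PLACEHOLDER = "0123456789ABCDEF0123456789ABCDEF"

def demo() -> dict:
    return {
        "userPassword with {clear} header": verify_chap(CHAP_PASSWORD, CHALLENGE, "{clear}" + PASSWORD),
        "userPassword without header": verify_chap(CHAP_PASSWORD, CHALLENGE, PASSWORD),
        "only an NT hash available": verify_chap(CHAP_PASSWORD, CHALLENGE, NT_HASH_PLACEHOLDER),
        "truncated CHAP-Password": verify_chap(CHAP_PASSWORD[:10], CHALLENGE, PASSWORD),
    }

if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {'accept' if ok else 'reject'}")
```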
