Fwd: (RADIATOR) Help with configure radius.cfg with eap and ldap

Mike McCauley mikem at open.com.au
Wed Feb 4 16:46:26 CST 2004 

Hello Andy,


On Thu, 5 Feb 2004 05:36 am, tudalat at shaw.ca wrote:
> > Hello Andy,
>
> Hi Mike:
> > On Thu, 22 Jan 2004 09:03 am, tudalat at shaw.ca wrote:
> > > ----- Original Message -----
> > > From: Mike McCauley <mikem at open.com.au>
> > > Date: Tuesday, January 20, 2004 2:50 pm
> > > Subject: Re: Fwd: (RADIATOR) Help with configure radius.cfg with eap
> > > and ldap
> > >
> > > > Hello Andy,
> > >
> > > Hi Mike:
> > > > I think the problem is that you do not have PasswordAttr defined
> > > > in your
> > > > config file for AuthBy LDAP2. You should have seen an error
> > > > message about that when it starts up? Its not required with
> > >
> > > There was no error when ServerChecksPassword is not used. I tried
> > > "PasswordAttr    userPassword" and I got "There was no password
> > > attribute found" PasswordAttr (alone) and EncryptedPasswordAttr,
> > > however, work successfully with LDAP but MD5-Challenge still fails.
> > > Just wonder if it's because of our
> > > peculiar way of implementing ldap.  I am not allowed to retrieve
> > > the UserPassword, I can only use it to do a LDAP bind.
> >
> > I think that will be the problem. In order for Radiator to support
> > MD5-Challenge, it needs to be able to get the plaintext password from the
> > LDAP server in the LDAP attribute named by PasswordAttr.
>
> We are using one way linux-crypt to store the passwords so the plaintext
> option is not possible. Can you recommend any other EAP that will work
> in my case.

The only EAP type that will work with such encrypted password is TTLS-PAP. 
TTLS-PAP clients are available from a number of vendors.

Cheers.

>
> Thank a bunch
>
> > Cheers.
>
> Andy Dalat
> tudata at shaw.ca

-- 
Mike McCauley                               mikem at open.com.au
Open System Consultants Pty. Ltd            Unix, Perl, Motif, C++, WWW
9 Bulbul Place Currumbin Waters QLD 4223 Australia   http://www.open.com.au
Phone +61 7 5598-7474                       Fax   +61 7 5598-7070

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, 
TTLS, PEAP etc on Unix, Windows, MacOS etc.

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.

More information about the radiator mailing list