
RE: LDAP authentication using Radius



Howard Chu wrote:
> 
> JET JETASIK wrote:
> > I am investigating 2 factor authentication in which mostly they are
> > radius server actually.
> >
> > My problem is that most of my applications rely on LDAP auth only.
> >
> >
> >
> > I am trying to figure out on how to use
> > openldap/contrib/slapd-modules/passwd/radius.c
> >
> > I did compile and successfully loaded it but not sure how to configure it.
> >
> >
> >
> > This is what I put into slapd.conf to load the module:
> >
> > moduleload pw-radius.so config="/etc/radius.conf"
> >
> >
> >
> > Firstly I couldn't figure out what exactly is the format of
> > /etc/radius.conf (Mandatory items: Radius server IP & Shared Secret)
> 
> Read the radius.conf(5) manpage.
 
Oh! It is just standard radius.conf format actually?

> > Secondly the format of userpassword scheme, {RADIUS}XXXXYYY@ZZZ ??
> 
> Yes, {RADIUS} followed by whatever your radius server thinks is a valid
> username.
> 
> If by 2-factor authentication you mean some kind of challenge/response
> method, that will not work. The module has no way to relay the challenge
> back to the LDAP client, and the LDAP Simple Bind request doesn't support
> challenge/response type authentication.
>

Just like that?
In my case it is response only, should be ok right?
Thanks a lot Howard.
 
> --
>   -- Howard Chu
>   CTO, Symas Corp.           http://www.symas.com
>   Director, Highland Sun     http://highlandsun.com/hyc/
>   Chief Architect, OpenLDAP  http://www.openldap.org/project/
> 
> -----

---
JET JETASIK
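
The point made in the thread about challenge/response, modelled as an added example (not part of the original messages and not code from radius.c): a Simple Bind can only report success or failure, so a RADIUS Access-Challenge has nowhere to go. The function names and the sample packets are constructed for illustration; the packet codes and attribute numbers are those of RFC 2865.

```python
import struct

# RADIUS packet codes and the Reply-Message attribute type (RFC 2865).
ACCESS_ACCEPT, ACCESS_REJECT, ACCESS_CHALLENGE = 2, 3, 11
REPLY_MESSAGE = 18

def radius_username(stored):
    """Return the RADIUS username from a '{RADIUS}name' userPassword value, else None."""
    scheme = "{RADIUS}"
    if stored[:len(scheme)].upper() != scheme or len(stored) == len(scheme):
        return None
    return stored[len(scheme):]

def parse_reply(packet):
    """Split a RADIUS reply into (code, {attr_type: [values]}).
    The response authenticator is not verified in this sketch."""
    if len(packet) < 20:
        raise ValueError("short RADIUS packet")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError("bad RADIUS length field")
    attrs, pos = {}, 20  # 4-byte header + 16-byte authenticator
    while pos < length:
        a_len = packet[pos + 1] if pos + 2 <= length else 0
        if a_len < 2 or pos + a_len > length:
            raise ValueError("bad attribute length")
        attrs.setdefault(packet[pos], []).append(packet[pos + 2:pos + a_len])
        pos += a_len
    return code, attrs

def simple_bind_outcome(stored, packet):
    """Map a RADIUS reply onto the pass/fail result a Simple Bind can return."""
    if radius_username(stored) is None:
        return ("invalidCredentials", "not a {RADIUS} value")
    code, attrs = parse_reply(packet)
    if code == ACCESS_ACCEPT:
        return ("success", "")
    if code == ACCESS_CHALLENGE:
        # The prompt exists only on the server side; Simple Bind cannot relay it.
        prompt = b" ".join(attrs.get(REPLY_MESSAGE, [])).decode("utf-8", "replace")
        return ("invalidCredentials", "challenge dropped: " + prompt)
    return ("invalidCredentials", "rejected")

def make_reply(code, attrs=()):
    """Build a constructed sample reply (zeroed authenticator) for the demo."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH", code, 1, 20 + len(body)) + bytes(16) + body
```

A response-only token, sent as the bind password in a single request, reaches the Access-Accept or Access-Reject branch and so fits this model.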