
RE: LDAP authentication using Radius



Still haven't had any luck yet.
Nothing hit my radius server when doing simple auth to openldap.
Any clue on how to check this?

Here is my /etc/radius.conf
auth 192.168.0.10:1812 secret

-- JET JETASIK

> Howard Chu wrote:
> >
> > JET JETASIK wrote:
> > > I am investigating 2 factor authentication in which mostly they are
> > > radius server actually.
> > >
> > > My problem is that most of my applications relying on LDAP auth only.
> > >
> > >
> > >
> > > I am trying to figure out on how to use
> > > openldap/contrib/slapd-modules/passwd/radius.c
> > >
> > > I did compile and successfully loaded it but not sure how to
> > > configure it.
> > >
> > >
> > >
> > > This is what I put into slapd.conf to load the module:
> > >
> > > moduleload pw-radius.so config="/etc/radius.conf"
> > >
> > >
> > >
> > > Firstly I couldn't figure out what exactly is the format of
> > > /etc/radius.conf (Mandatory items: Radius server IP & Shared Secret)
> >
> > Read the radius.conf(5) manpage.
> 
> Oh! It is just standard radius.conf format actually ?
> 
> > > Secondly the format of userpassword scheme, {RADIUS}XXXXYYY@ZZZ ??
> >
> > Yes, {RADIUS} followed by whatever your radius server thinks is a
> > valid username.
> >
> > If by 2-factor authentication you mean some kind of challenge/response
> > method, that will not work. The module has no way to relay the
> > challenge back to the LDAP client, and the LDAP Simple Bind request
> > doesn't support challenge/response type authentication.
> >
> 
> Just like that?
> In my case it is response only, should be ok right?
> Thanks a lot Howard.
> 
> > --
> >   -- Howard Chu
> >   CTO, Symas Corp.           http://www.symas.com
> >   Director, Highland Sun     http://highlandsun.com/hyc/
> >   Chief Architect, OpenLDAP  http://www.openldap.org/project/
> >
> > -----
> 
> ---
> JET JETASIK
>
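
One way to check the RADIUS side independently of slapd, as an added example that is not part of the original thread or of the OpenLDAP module: it reads an `auth` line in the form shown above, extracts the name from a `{RADIUS}` userPassword value, and builds an RFC 2865 PAP Access-Request that `probe()` sends to the server. Function names, the `ldap-test` NAS-Identifier and the simplified config parsing (no quoted secrets) are assumptions.

```python
import hashlib, os, socket, struct

def parse_radius_conf(text):
    """Return (host, port, secret) for each 'auth' line of radius.conf text."""
    servers = []
    for line in text.splitlines():
        fields = [] if line.lstrip().startswith("#") else line.split()
        if len(fields) >= 3 and fields[0] == "auth":
            host, _, port = fields[1].partition(":")
            servers.append((host, int(port or 1812), fields[2]))
    return servers

def radius_username(user_password):
    """Extract the RADIUS user name from a '{RADIUS}name' userPassword value."""
    scheme, _, name = user_password.partition("}")
    if scheme.upper() != "{RADIUS" or not name:
        raise ValueError("not a {RADIUS} userPassword value")
    return name

def hide_password(password, secret, authenticator):
    """RFC 2865 section 5.2: XOR each 16-byte block with an MD5 keystream."""
    size = max(16, (len(password) + 15) // 16 * 16)
    padded, out, prev = password.ljust(size, b"\x00"), b"", authenticator
    for i in range(0, size, 16):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ k for p, k in zip(padded[i:i + 16], key))
        out += prev
    return out

def access_request(user, password, secret, authenticator=None, ident=1):
    """Build an Access-Request: User-Name(1), User-Password(2), NAS-Identifier(32)."""
    authenticator = authenticator or os.urandom(16)
    hidden = hide_password(password, secret, authenticator)
    attrs = b""
    for atype, value in ((1, user), (2, hidden), (32, b"ldap-test")):  # assumed NAS id
        attrs += struct.pack("!BB", atype, len(value) + 2) + value
    return struct.pack("!BBH", 1, ident, 20 + len(attrs)) + authenticator + attrs

def probe(host, port, secret, user, password, timeout=3.0):
    """Send one request; return reply code (2 accept, 3 reject, 11 challenge) or None."""
    pkt = access_request(user.encode(), password.encode(), secret.encode())
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(pkt, (host, port))
        try:
            return s.recvfrom(4096)[0][0]  # first byte is the RADIUS code
        except socket.timeout:
            return None  # no reply: wrong address/port, firewall, or unknown client
```

A `None` result from `probe()` run on the LDAP host points at the network path or the server's client list rather than at slapd; a reply code of 11 is the Access-Challenge case that the module cannot relay over a Simple Bind. The probe does not verify the Response Authenticator, so treat it as a reachability check only.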