[Openswan Users] Authenticating VPN clients via LDAP
Vincent Bernat
bernat at luffy.cx
Fri Jun 26 13:23:38 EDT 2009
OoO In the early evening of Friday, June 26, 2009, around 18:02,
Paul Wouters <paul at xelerance.com> said:
>> Just wondering whether there is a known way of authenticating users via
>> LDAP using openswan and l2tpd.
> Remember, xl2tpd just calls pppd. You can have whatever authentication
> scheme pppd supports. I'm sure there is a ppp ldap module somewhere.

You can find such a module here:
http://sourceforge.net/projects/pppd-ldap/

However, this module does not support CHAP. I have some patches to add
CHAP support which is working fine but I need to find them and put them
online.

There are other modules like this one:
http://www.padl.com/OSS/pam_ldap.html

But I think there is the same limitation: PAP only (PAM needs
clear-password).

Another working solution would be to add a radius server in the
stack. The plugin is included with pppd, handles CHAP and radius is also
able to handle this kind of authentication against an LDAP server.

Please note that you need to populate your LDAP database with passwords
hashed with LM hash and NT hash. Those hashes are needed to work with
CHAP. This cannot work with regular hash algorithms like SHA1. If your
LDAP has clear-text passwords, this should work fine too.

--
I AM NOT THE NEW DALAI LAMA
I AM NOT THE NEW DALAI LAMA
I AM NOT THE NEW DALAI LAMA
-+- Bart Simpson on chalkboard in episode 5F17
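
The limitation described in the message above, as an added example that is not part of the original post: with PAP the server receives the password and can re-hash it against a salted SHA-1 value, while with CHAP it must recompute the response from the secret itself. The sketch uses plain CHAP-MD5 (RFC 1994) and an `{SSHA}`-style directory value; the password, salt and function names are constructed for illustration, and the MS-CHAP/NT-hash variant is not shown.

```python
import base64
import hashlib
import hmac
import os


def chap_md5_response(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 CHAP: Response = MD5(Identifier || secret || Challenge)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()


def ssha(password: bytes, salt: bytes) -> str:
    """LDAP {SSHA} value: base64(SHA1(password || salt) || salt)."""
    digest = hashlib.sha1(password + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()


def pap_verify(stored: str, offered: bytes) -> bool:
    """PAP: the peer sends the clear password, so the server can re-hash it."""
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]
    return hmac.compare_digest(hashlib.sha1(offered + salt).digest(), digest)


def chap_verify(stored: bytes, ident: int, challenge: bytes, response: bytes) -> bool:
    """CHAP: the server recomputes the response from whatever it has stored."""
    return hmac.compare_digest(chap_md5_response(ident, stored, challenge), response)


def demo() -> dict:
    password = b"correct horse"                # constructed sample password
    salt = bytes.fromhex("0011223344556677")   # constructed sample salt
    stored_ssha = ssha(password, salt)         # directory holding a SHA-1 hash
    stored_clear = password                    # directory holding clear text

    ident, challenge = 7, os.urandom(16)       # server picks a fresh challenge
    peer_response = chap_md5_response(ident, password, challenge)  # honest peer

    return {
        "pap_with_ssha": pap_verify(stored_ssha, password),
        "chap_with_cleartext": chap_verify(stored_clear, ident, challenge, peer_response),
        # The hash string is not the secret the peer used, so the check fails.
        "chap_with_ssha": chap_verify(stored_ssha.encode(), ident, challenge, peer_response),
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {'accepted' if ok else 'rejected'}")
```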