Chapter 10
Pop quiz – EAP
- Ignore the links; you may even go as far as deleting them for sanity's sake. EAP works as is on a new installation. The less you change in the EAP configuration, the better.
- The EAP-TTLS/PAP method makes use of the inner-tunnel virtual server instead of the default virtual server when authenticating users. Make sure you also specify the use of the ldap module in the inner-tunnel virtual server. These virtual servers are independent from each other.
- No, when you bind as a user you need to send the user's cleartext password to the LDAP server. When you use PEAP/MSCHAPv2 there is no way to get a cleartext password out of the transaction.
- No lies here! The Universal Password feature allows the ldap module to get passwords in cleartext from the LDAP server. There are a few rules to follow in order to get this password. The connection to the LDAP server has to be a secure connection with a special privileged user binding to it to run the queries. The password_attribute...