Skip to content
Permalink
Browse files

move concepts page to concepts directory

  • Loading branch information
alandekok committed Aug 30, 2019
1 parent bbf9ef9 commit 27545ae55a69f0e76f303aae6993aa257b05b331
@@ -1,2 +1,3 @@
* xref:index.adoc[Introduction]
** xref:aaa.adoc[AAA]
** xref:modules/ldap_authentication.adoc[LDAP]
@@ -125,6 +125,7 @@ generally better to use a stronger authentication method than just
PAP.

In the end, there is no perfect solution to security requirements.
The choices are often either to give up on using a particular
The choice may be either to give up on using a particular
authentication method, or to relax the security requirements on LDAP
and on password storage.
and on password storage. The final decision as to which choice is
best can only be made by a local administrator.
@@ -68,14 +68,14 @@ following recommendations for LDAP "best practices" security.

== Authentication

The LDAP module can be used by FreeRADIUS to read passwords order to
xref:modules/ldap_authentication.adoc[authenticate] users. Please be
aware the FreeRADIUS is an _authentication server_, and LDAP is a
_database_. This separation of roles means that FreeRADIUS supports
multiple kinds of authentication protocols such as `PAP`, `CHAP`,
`MS-CHAP`, etc. An LDAP database supports only one authentication
method: "bind as user". This authentication method is compatible only
with PAP.
The LDAP module can be used by FreeRADIUS to read passwords in order
to xref:ROOT:modules/ldap_authentication.adoc[authenticate] users.
Please be aware the FreeRADIUS is an _authentication server_, and LDAP
is a _database_. This separation of roles means that FreeRADIUS
supports multiple kinds of authentication protocols such as `PAP`,
`CHAP`, `MS-CHAP`, etc. An LDAP database supports only one
authentication method: "bind as user". This authentication method is
compatible only with PAP.

Our recommendation is to use LDAP as a database. FreeRADIUS should
read the "known good" password from LDAP, and then use that
@@ -96,8 +96,9 @@ Use xref:raddb:mods-available/ntlm_auth.adoc[`ntlm`] or xref:raddb:mods-availabl
Due to the limitations of Active Directory, There are unfortunately no
other possible choices.

Please see the xref:modules/ldap_authentication.adoc[LDAP
authentication] page for more information on authenticating users with LDAP.
Please see the xref:ROOT:modules/ldap_authentication.adoc[LDAP
authentication] concepts page for more information on the limitations
related to authenticating users with LDAP.

=== Authorization

0 comments on commit 27545ae

Please sign in to comment.
You can’t perform that action at this time.