EAP-MD5 with LDAP

Rohaizam Abu Bakar haizam at myjaring.net
Sun Jun 25 14:45:37 CEST 2006


After searching for a solution, I found one comment from Alan that advises not 
to set Auth-Type := LDAP because LDAP does not do authentication, EAP does. 
Let the server figure it out itself. In the case of EAP, LDAP just extracts the 
password for EAP to do authentication.

But the problem is, my radius needs to serve a few services, such as 
ADSL, Wifi, Dial up, etc. Each service has its own LDAP tree for 
better management. So in radiusd.conf, there will be a few ldap modules. 
See below:


How do I set the users file so that a WIFI user performs EAP but gets 
LDAP info from a certain LDAP tree without having to set Auth-Type?



i) users
=====

DEFAULT     ????  (not to set Auth-Type but need to direct to a certain LDAP tree)



ii) radiusd.conf
==========

ldap adsl {
    basedn=ou=ADSL, ou=People...
}
ldap wifi {
    basedn=ou=wifi, ou=People...
}

Then, in the authenticate and authorize sections:

authorize {
    eap
    Autz-Type=ADSL {
        adsl
    }
    Autz-Type=WIFI {
        wifi
    }
}
authenticate {
    Auth-Type=ADSL {
        adsl
    }
    Auth-Type=WIFI {
        wifi
    }
    eap
}

iii) eap.conf

 ... some config...


----- Original Message ----- 
From: "Phil Mayers" <p.mayers at imperial.ac.uk>
To: "FreeRadius users mailing list" <freeradius-users at lists.freeradius.org>
Sent: Saturday, June 24, 2006 5:37 PM
Subject: Re: EAP-MD5 with LDAP


> Rohaizam Abu Bakar wrote:
>> Hi..
>>
>> Using FB 6.0
>> FR 1.0.5
>>
>> trying to configure EAP-MD5  with LDAP backend...
>>
>> But it keeps reporting:
>>
>> rlm_ldap: Attribute "User-Password" is required for authentication.
>>
>
>
> EAP-MD5 requires you have the plaintext password (in the LDAP server, in 
> this case). If you do not, you cannot do EAP-MD5. If you do, configure the 
> LDAP server to give the plaintext password to the radius server (usually 
> in userPassword) and the radius server to map that into User-Password 
> (done by default) and it will work.
> - List info/subscribe/unsubscribe? See 
> http://www.freeradius.org/list/users.html
> 
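
Added example (not part of the original thread, and not FreeRADIUS code): the EAP-MD5 check from RFC 3748, showing why the server needs the cleartext password that the quoted reply describes and why a hashed userPassword value cannot be used instead. The function names and all sample values are constructed for illustration.

```python
import base64
import hashlib
import hmac
import os


def eap_md5_response(identifier: int, password: bytes, challenge: bytes) -> bytes:
    """MD5-Challenge value per RFC 3748: MD5(Identifier || password || Challenge)."""
    return hashlib.md5(bytes([identifier]) + password + challenge).digest()


def server_verify(identifier: int, stored: bytes, challenge: bytes,
                  response: bytes) -> bool:
    """Server side: recompute the digest from whatever the directory returned."""
    expected = eap_md5_response(identifier, stored, challenge)
    return hmac.compare_digest(expected, response)


def ssha(password: bytes, salt: bytes) -> bytes:
    """Salted SHA-1 in the common LDAP {SSHA} storage format."""
    digest = hashlib.sha1(password + salt).digest()
    return b"{SSHA}" + base64.b64encode(digest + salt)


def demo() -> tuple:
    password = b"constructed-example-password"   # constructed sample value
    identifier = 0x2A                            # EAP packet Identifier field
    challenge = os.urandom(16)                   # sent by the RADIUS server

    # Supplicant: knows the cleartext password and answers the challenge.
    response = eap_md5_response(identifier, password, challenge)

    # Case 1: LDAP returns the cleartext password, so the digests match.
    cleartext_ok = server_verify(identifier, password, challenge, response)

    # Case 2: LDAP only holds a salted hash. The server cannot recover the
    # password from it, so it can never reproduce the supplicant's digest.
    hashed_ok = server_verify(identifier, ssha(password, os.urandom(4)),
                              challenge, response)
    return cleartext_ok, hashed_ok


if __name__ == "__main__":
    print(demo())
```

The password never crosses the wire during this exchange, so nothing the server receives can be compared against a stored hash; the cleartext has to be readable by the RADIUS server from the directory.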




