windowsXP+LDAP+freeradius

Muthu cmuthu at naturesoft.net
Thu Sep 7 12:21:09 CEST 2006


Hai,

Thanks for your reply.

I was trying to use PAM authentication with freeradius for a Win XP client (PEAP). I was getting an error in the tls section. I posted to the freeradius user list. I got the reply below. Is this right? If not, can I use LDAP+PEAP+freeradius?

=============================================================================================================
You cannot use PAM to answer PEAP/MS-CHAP requests. You must either have 
the plaintext password for the user, the NT or LM hashes for their 
password, or access to an NT domain controller and use the "ntlm_auth" 
helper in the mschap module.

=============================================================================================================

> >       I have a Linksys wireless router, Windows XP clients, freeradius
> > and an LDAP server (Linux). I want to make the user authentication for the
> > Windows XP clients against freeradius to connect to the Linksys router. I
> > have all the users in LDAP. The LDAP server is set as the user database for
> > the freeradius server. Is this possible? If possible, can you please give me
> > an idea of how to do this.
Perfectly fine. Take a look at the ldap { } section in radiusd.conf
(it's pretty much self-explanatory), and enable ldap in authorize { }
and authenticate { }. For wireless, you'll also need at least a server
certificate; a script for generating one is in the scripts/ subdirectory
of freeradius. Use that certificate for the eap.conf configuration,
where you will have to enable at least the tls { } part, and either peap
or ttls, depending on what supplicant you use on the Win XP side. The
built-in supplicant (not recommended, but working) is using peap.

Greetings,
Stefan Winter



Thanks & Regards,
Muthu.
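
The requirement in the quoted reply (a plaintext password or an NT hash must be retrievable for PEAP/MS-CHAP) can be checked against an LDAP export before deploying. The following is an added example, not part of the original thread or of freeradius: it assumes the directory stores NT hashes in the Samba schema attribute `sambaNTPassword` and passwords in `userPassword`, does not cover the LM hash case, and runs on a constructed LDIF sample.

```python
import base64
import re

def parse_ldif(text):
    """Minimal LDIF reader: list of {lowercased attribute: [values]} dicts."""
    entries, cur = [], {}
    for line in text.replace("\n ", "").splitlines() + [""]:  # unfold, add terminator
        if not line.strip():
            if cur:
                entries.append(cur)
            cur = {}
            continue
        attr, _, rest = line.partition(":")
        value = rest.strip()
        if rest.startswith(":"):  # "attr:: <base64>"
            value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
        cur.setdefault(attr.lower(), []).append(value)
    return entries

def mschap_source(entry):
    """Return which stored credential can answer MS-CHAP, or None."""
    nt = entry.get("sambantpassword", [""])[0]
    if re.fullmatch(r"[0-9A-Fa-f]{32}", nt):
        return "nt-hash"
    for pw in entry.get("userpassword", []):
        scheme = re.match(r"\{([^}]+)\}", pw)
        if pw and (scheme is None or scheme.group(1).upper() in ("CLEAR", "CLEARTEXT")):
            return "cleartext"
    return None  # only one-way hashes ({SSHA}, {CRYPT}, ...): bind/PAM works, MS-CHAP cannot

def audit(ldif_text):
    return {e["uid"][0]: mschap_source(e) for e in parse_ldif(ldif_text) if "uid" in e}

# Constructed sample directory export; every value is made up.
_ssha = base64.b64encode(b"{SSHA}constructed-not-a-real-hash").decode()
SAMPLE_LDIF = f"""\
dn: uid=alice,ou=people,dc=example,dc=org
uid: alice
userPassword:: {_ssha}

dn: uid=bob,ou=people,dc=example,dc=org
uid: bob
userPassword:: {_ssha}
sambaNTPassword: 0123456789ABCDEF0123456789ABCDEF

dn: uid=carol,ou=people,dc=example,dc=org
uid: carol
userPassword: constructed-cleartext
"""
```

Calling `audit(SAMPLE_LDIF)` maps each uid to `"nt-hash"`, `"cleartext"` or `None`; users reported as `None` have only one-way password hashes and cannot complete PEAP/MS-CHAP until an NT hash or cleartext password is stored for them.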




