WLAN - Freeradius - OpenLDAP - VLANs

nf-vale nf-vale at critical-links.com
Mon Nov 9 14:36:55 CET 2009


On Monday 09 November 2009 12:25:13 José Johnny RANDRIAMAMPIONONA wrote:
> Freeradius works well with openldap but only with cleartext password (PAP).
> Best regards!

Don't give wrong answers if you're not sure of what you're talking about.

> 
> 2009/11/9 _Stefan_H <stefanh007 at networld.at>
> 
> > First, I know my English is not the best, but I hope you will understand
> > it.
> >
> > In the course of a project I have to set up authentication against a
> > freeradius server for the WLAN users.
> > On the server (OpenSUSE 11.1) is an LDAP directory and I want the WLAN
> > users to authenticate with their accounts. After the successful
> > authentication they will be put into another VLAN, so that they can use
> > their home directories.
> >
> > I would like to know how I should do it, because I informed myself about
> > the authentication types (EAP-TLS, TTLS, PEAP) and now I am totally confused
> > about which one I have to configure on the freeradius server.

See http://deployingradius.com/documents/protocols/compatibility.html for 
compatibility issues.


You can authenticate users using PEAP against LDAP just as long as the user's 
entries in the LDAP DB have NT / LM password hashes. For instance, if using 
OpenLDAP, you need to include the samba.schema in the supported schemas list 
and then add sambaNTPassword and sambaLMPassword to each one of the user's 
entries in the DB.

Ex:

"
dn: uid=xxx,ou=people,dc=local,dc=loc
objectClass: inetOrgPerson
objectClass: sambaSamAccount
uidNumber: 1
uid: xxx
userPassword:: e01ENX1mMmhLRytkajNnSSs2aEtmL3ltSnV3PT0=
sambaLMPassword: AB849716E6B337C43B639FCD27BDA434
sambaNTPassword: 9574805413661ADC5E8FA7B943026723
...
"

You can hash the user's password using the smbencrypt utility.

> >
> > I think that PEAP would be the easiest, but I really don't know which can
> > be used with a dynamic VLAN.
> >
> > http://old.nabble.com/file/p26230857/1.jpeg
> >
> > The AP is a Linksys WRT-54-GS
> > and the switch is a CISCO-2950
> 
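
As an added illustration (not part of the original thread and not FreeRADIUS code), the script below audits an LDIF export for the condition described in the reply above: an entry can be used for PEAP/MS-CHAPv2 only if it carries an NT hash in sambaNTPassword or a cleartext userPassword, while a hashed userPassword such as {MD5} or {SSHA} cannot. The function names and the sample entries are assumptions constructed for the example.

```python
import base64
import re

NT_HASH_RE = re.compile(r"[0-9A-Fa-f]{32}")     # NT hash: 32 hex characters
SCHEME_RE = re.compile(r"\{([A-Za-z0-9-]+)\}")   # userPassword prefix such as {MD5}

def parse_ldif(text):
    """Yield one {attribute: [values]} dict per entry, attribute names lowercased."""
    for block in re.split(r"\n\s*\n", text.strip()):
        entry = {}
        for line in block.replace("\n ", "").splitlines():   # unfold wrapped lines
            attr, sep, value = line.partition(":")
            if line.startswith("#") or not sep:
                continue
            if value.startswith(":"):                         # "attr:: <base64>"
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            entry.setdefault(attr.lower(), []).append(value.strip())
        yield entry

def mschapv2_status(entry):
    """Return (usable, reason) for PEAP/MS-CHAPv2 against this entry."""
    if NT_HASH_RE.fullmatch(entry.get("sambantpassword", [""])[0]):
        return (True, "NT hash")
    schemes = []
    for pw in entry.get("userpassword", []):
        m = SCHEME_RE.match(pw)
        if m is None or m.group(1).upper() in ("CLEAR", "CLEARTEXT"):
            return (True, "cleartext password")
        schemes.append(m.group(1).upper())
    return (False, "only " + ",".join(schemes) if schemes else "no password")

def audit(text):
    return {e["dn"][0]: mschapv2_status(e) for e in parse_ldif(text) if "dn" in e}

# Constructed sample: DNs, digests and the NT hash value are made up.
SAMPLE_LDIF = """\
dn: uid=alice,ou=people,dc=example,dc=test
userPassword:: %s
sambaNTPassword: 0123456789ABCDEF0123456789ABCDEF

dn: uid=bob,ou=people,dc=example,dc=test
userPassword:: %s

dn: uid=carol,ou=people,dc=example,dc=test
userPassword: constructed-cleartext
""" % tuple(base64.b64encode(s).decode() for s in (b"{MD5}made-up", b"{SSHA}made-up"))

for dn, (ok, why) in audit(SAMPLE_LDIF).items():
    print("OK  " if ok else "FAIL", dn, "-", why)
```

Entries reported as FAIL are the ones that need a sambaNTPassword value added before PEAP will work for them.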




More information about the Freeradius-Users mailing list