paul at dugasenterprises.com
Tue Aug 17 21:54:07 CEST 2010
On Tue, Aug 17, 2010 at 2:44 AM, Alan DeKok <aland at deployingradius.com> wrote:
> Paul Dugas wrote:
> > On Mon, Aug 16, 2010 at 5:02 PM, Alan DeKok <aland at deployingradius.com> wrote:
> >> Use PEAP. Ensure passwords are in a form compatible with PEAP:
> > My LDAP directory contains NT, LM, and SSHA passwords but not
> > clear-text so, if I'm following correctly, I need to look into using
> > ntlm_auth.
> No. I have no idea why you concluded that.
> FreeRADIUS needs a password for authentication. That's it.
The settings in NetworkManager on my Fedora Linux laptop, when I
choose WPA&WPA2-Enterprise and PEAP, allow MSCHAPv2 (default), MD5,
and GTC for the inner authentication. I see on the protocol
compatibility table you referenced that only clear-text and ntlm_auth
are available under PEAP and EAP-MSCHAPv2. I do not have clear-text
passwords in my LDAP directory so I concluded I needed to look into
Where did I go wrong?
> If you have the LDAP module listed in the "inner-tunnel", then you're
> well on your way to getting it all to work.
I found a posting that pointed me toward sites-available/default to
enable ldap under authorize and the Auth-Type LDAP block under
authenticate. Found another that suggested the same in
sites-enabled/inner-tunnel. I've adjusted modules/ldap to connect
with the correct privileges; I've not adjust ldap.attrmap. It didn't
work after that though I'm not at the site today to get detailed logs
to post. I will be tomorrow though.
Paul Dugas • Dugas Enterprises, LLC • Computer Engineer
522 Black Canyon Park, Canton GA 30114 USA • Paul at DugasEnterprises.com
More information about the Freeradius-Users