Freeradius + Fedora-DS + EAP-MSCHAPv2 for WIFI/AP authentication
Alan DeKok
aland at deployingradius.com
Tue Sep 20 09:30:32 CEST 2011
uselessidbr wrote:
> People, i've read a lot about the WIFI/AP authentication over Freeradius
> using LDAP but it seems i cannot make it work unless i use clear-text
> password or Nt/Lmpassword which as far as i know implies in Samba + LDAP
> integration.
http://deployingradius.com/documents/protocols/compatibility.html
Note it doesn't mention Samba. NT-Passwords are a password *format*.
They can be stored anywhere.
> My question is, is that really the only way to make freeradius authenticate
> users using a LDAP database?
>
> Do i need to have samba + ldap to authenticate WIFI users using freeradius +
> LDAP with EAP-MSCHAPv2?
No. You need cleartext passwords, or NT passwords. Where they are
stored is a completely separate question.
> With my current configuration i was able to authenticate LDAP users with
> clear-text password but thats not i really want as a WIFI authentication
> solution. My goal is to use freeradius to authenticate WIFI users using a
> LDAP database and without the need of use a non-native Windows application.
You can do that. Only if you use the correct password format.
> Here goes my debug using a encrypted user password (which fails):
It fails because you didn't tell the server what the correct password was.
Alan DeKok.
More information about the Freeradius-Users
mailing list