<div>Thanks Guy, but where do I configure (in what file?) FreeRADIUS to use NT-LM when it queries the LDAP server?</div>
<div> </div>
<div> </div>
<div>Thanks</div>
<div><br><br> </div>
<div class="gmail_quote">2011/3/12 Guy <span dir="ltr">&lt;<a href="mailto:guy@britewhite.net">guy@britewhite.net</a>&gt;</span><br>
<blockquote style="BORDER-LEFT: #ccc 1px solid; MARGIN: 0px 0px 0px 0.8ex; PADDING-LEFT: 1ex" class="gmail_quote">
<div bgcolor="#FFFFFF">
<div><br><br>
<div>---Guy</div>
<div><br></div>Sent from my iPad</div>
<div>
<div></div>
<div class="h5">
<div><br>On 12 Mar 2011, at 20:06, Usuário do Sistema &lt;<a href="mailto:maiconlp@ig.com.br" target="_blank">maiconlp@ig.com.br</a>&gt; wrote:<br><br></div>
<div></div>
<blockquote type="cite">
<div>
<div>Hello, I'm new to FreeRADIUS and I'm deploying it with EAP-TLS to authenticate my wireless users, who will be authenticated against an OpenLDAP base.</div>
<div> </div>
<div> </div>
<div>I'm using freeradius2, and when I run a test from another Linux machine with the command "radtest joao.vero jango123 128.2.100.131 2 meleca" it works, with the following output:<br> <br>Sending Access-Request of id 45 to 128.2.100.131 port 1645<br>
User-Name = "joao.vero"<br> User-Password = "jango123"<br> NAS-IP-Address = 255.255.255.255<br> NAS-Port = 2<br>rad_recv: Access-Accept packet from host <a href="http://128.2.100.131:1645/" target="_blank">128.2.100.131:1645</a>, id=45, length=20</div>
<div> </div>
<div>But when I try to authenticate wireless users from Win7 (with EAP-TLS; I'm using the test certificate from /etc/raddb/certs/..) it isn't working. This appears in the log:<br> <br>TLS Alert read:fatal:unknown CA<br>
TLS_accept:failed in SSLv3 read client certificate A<br>rlm_eap: SSL error error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca<br>SSL: SSL_read failed inside of TLS (-1), TLS session fails.<br>TLS receive handshake failed during operation</div>
<div> </div>
<div>What I have done so far in relation to EAP-TLS:</div>
<div> </div>
<div>I've configured the eap.conf file to read the certificates from /etc/raddb/certs/... </div>
<div>I've created the user certificate (as the README in /etc/raddb/certs shows)</div>
<div>I've copied and installed two certificates on the user machine: cliente.p12 and ca.der, the first as personal and the last under Trusted Root Certification Authorities</div>
<div> </div>
<div>I wish to use LDAP to authenticate my users, but it seems that User-Password must be clear text. Is it possible to achieve EAP-TLS with LDAP?<br> </div>
<div>What do I have to do?</div>
<div> </div>
<div>Any help is welcome.</div>
<div> </div>
<div>Thanks!</div>
<div> </div>
<div> </div></div></blockquote></div></div>
<blockquote type="cite">
<div><span>-</span><br><span>List info/subscribe/unsubscribe? See <a href="http://www.freeradius.org/list/users.html" target="_blank">http://www.freeradius.org/list/users.html</a></span></div>
</blockquote><br>
<div>You have an issue with the cert; the cert the client is sending back is not recognised by FreeRADIUS.</div>
<div><br></div>
<div>As for authenticating, you can do this without clear text, but you'll need to use NT-LM, with which you use Samba to create NTSambaPassword in the LDAP database, which it can auth with.</div>
<div><br></div>
<div>You will likely have to extend the schema for your LDAP server, though that's quite well documented for adding in Samba support.</div>
<div><br></div>
<div>Thanks </div>
<div><br></div><font color="#888888">
<div>--Guy</div></font></div><br></blockquote></div><br>
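<div>An added example, not part of any message in this thread: a small decoder for the TLS log lines quoted above. It reads the direction word in "TLS Alert read/write" and unpacks the OpenSSL error code to tell which side raised the alert. It assumes the pre-3.0 OpenSSL packed error layout (8 hex digits: library, function, reason); the function and variable names are hypothetical.</div>

```python
import re

# Certificate-related TLS alert numbers (RFC 5246, section 7.2).
CERT_ALERTS = {42: "bad_certificate", 43: "unsupported_certificate",
               44: "certificate_revoked", 45: "certificate_expired",
               46: "certificate_unknown", 48: "unknown_ca"}
ERR_LIB_SSL = 0x14           # OpenSSL library number for libssl
SSL_AD_REASON_OFFSET = 1000  # reason = 1000 + alert number for a received alert

ALERT_RE = re.compile(r"TLS Alert (read|write):(\w+):(.+)")
ERR_RE = re.compile(r"error:([0-9A-Fa-f]{8}):")

def unpack_openssl_error(code_hex):
    """Split a packed OpenSSL error code (pre-3.0 layout) into (lib, func, reason)."""
    code = int(code_hex, 16)
    return (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF

def diagnose(log_lines):
    """Report which side raised the TLS alert and which alert it was."""
    found = {"alert_from": None, "level": None, "alert": None, "received_alert": None}
    for line in log_lines:
        m = ALERT_RE.search(line)
        if m:
            # "read": the server received the alert from the supplicant;
            # "write": the server generated the alert itself.
            found["alert_from"] = "client" if m.group(1) == "read" else "server"
            found["level"], found["alert"] = m.group(2), m.group(3).strip()
        m = ERR_RE.search(line)
        if m:
            lib, _func, reason = unpack_openssl_error(m.group(1))
            if lib == ERR_LIB_SSL and reason > SSL_AD_REASON_OFFSET:
                number = reason - SSL_AD_REASON_OFFSET
                found["received_alert"] = CERT_ALERTS.get(number, str(number))
    return found

# Log lines as quoted in the thread above.
LOG = [
    "TLS Alert read:fatal:unknown CA",
    "TLS_accept:failed in SSLv3 read client certificate A",
    "rlm_eap: SSL error error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca",
    "SSL: SSL_read failed inside of TLS (-1), TLS session fails.",
]

if __name__ == "__main__":
    print(diagnose(LOG))
```

<div>For the quoted log, both signals decode to a fatal unknown_ca alert that the server received, so the trust store on the supplicant and the CA that issued the server certificate configured in eap.conf are the two things to compare.</div>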