Matt Ashfield wrote:
I have LDAP configured and can do a cleartext radius authentication using username/passwords (using radtest). What I'd like to do is take the next step and do 802.1x authentication for my windows clients and I suppose that's where I was hoping to find some cleancut instructions on this as I've seen quite a bit of threads concerning this but as mentioned in my initial email, they can be tough to follow.
It's really very simple. If you have users of the form: dn: cn=username,ou=whatever,dc=domain,dc=com objectClass: inetOrgPerson-or-whatever cn: username userPassword: theplaintextpass ...just set FR like so: modules { ldap { server = foo basedn = bar # other attributes password_attribute = userPassword } } authorize { preprocess chap mschap eap ldap } authenticate { Auth-Type MS-CHAP { mschap } Auth-Type CHAP { chap } eap } If your userPassword are something like: userPassword: {crypt}=3115313652 clearTextPass: {clear}theplaintext ..you would use modules { ldap { password_header = "{clear}" password_attribute = clearTextPass } } ...and so on.