Matt Ashfield wrote:
Hi All
I'm trying to do EAP-PEAP (with MSCHAPv2) radius authentication against an LDAP database with my passwords stored in clear text on the directory. I'm thinking my issues right now are with certificates.
PEAP requires a "server certificate" on the radius server. See the CA.all or CA.certs scripts that come with the server, or generate them with your existing CA *provided* you ensure the XP extension OIDs are in the certs.
Can someone give me a quick explanation of what certificate requirements I need to have on my radius server for doing the NAS-radius conversation as well as the ldap authorization. Also, what certificates do I need for/from the LDAP server?
That is not a radius issue, and is purely dependent on your LDAP server setup. Typically if a cert is used at all, it would be on the LDAP server, and the radius server (which is an LDAP client) just does normal SSL.