First, apologies for breaking threading. (I had mail delivery turned off, and Gmane's feed seems to be broken, so I'm cutting & pasting from the archive.)
Alan DeKok aland at deployingradius.com Sun Jan 27 20:17:58 CET 2019
(a) Make sure PEAP works with certificates.
Done. I've verified with tcpdump/Wireshark that the correct certificate is being used.
(b) configure and enable LDAP. See mods-available/ldap
Done.
Once the LDAP module is available, the server will automatically use it.
It's trying, but failing. (0) ldap: WARNING: No "known good" password added. Ensure the admin user has permission to read the password attribute
And, the server will automatically grab passwords from LDAP. And, the server will automatically use those passwords to do EAP-GTC.
It will try, but it will fail, because it doesn't have permission to read passwords/hashes from LDAP. I need to configure FreeRADIUS to bind *as the user* to LDAP. If the bind succeeds then the authentication succeeds.
It also helps to describe what you've done, what happened, and why you think it's wrong. Otherwise, we're limited to:
Q: I tried stuff and it doesn't work. What do I do? A: Try different stuff
Which isn't helpful to anyone. Better questions means better answers.
Fair enough. This seems like it would be such a common configuration that I would have thought that it would be documented somewhere. -- ======================================================================== Ian Pilcher arequipeno@gmail.com -------- "I grew up before Mark Zuckerberg invented friendship" -------- ========================================================================