Hello, After reading the configuration file radiusd.conf, it explicitly says that one can't use LDAP as the authentication backend when you use EAP (in my case, i'm interested in EAP-TTLS). Nonetheless, I can read elsewhere on the web that some people seem to use both EAP and LDAP, so I wonder who is right ? I would use LDAP for storing all my users/password and EAP to protect my users credentials over insecure Wifi. Any advices ? Cheers, Joris
2008/7/8 joris <jorisd@gmail.com>:
Hello,
After reading the configuration file radiusd.conf, it explicitly says that one can't use LDAP as the authentication backend when you use EAP (in my case, i'm interested in EAP-TTLS).
Nonetheless, I can read elsewhere on the web that some people seem to use both EAP and LDAP, so I wonder who is right ?
I would use LDAP for storing all my users/password and EAP to protect my users credentials over insecure Wifi.
Any advices ?
Cheers,
Joris - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
What documentation says is that you can't use encrypted password in LDAP with EAP/PEAP. But you can use EAP/TTLS + PAP with LDAP. The main problem for this approach is that the f**k Windows has not native support for TTLS, so you should install some software eg: SecureW2... -- -- Open Kairos http://www.openkairos.com Watch More TV http://sebelk.blogspot.com Sergio Belkin -
joris wrote:
After reading the configuration file radiusd.conf, it explicitly says that one can't use LDAP as the authentication backend when you use EAP
I don't think it says that. What part of the configuration file leads you to think it's impossible?
Nonetheless, I can read elsewhere on the web that some people seem to use both EAP and LDAP, so I wonder who is right ?
It's possible. Lots of people are doing it.
I would use LDAP for storing all my users/password and EAP to protect my users credentials over insecure Wifi.
Any advices ?
http://deployingradius.com/documents/protocols/compatibility.html Alan DeKok.
# THIS WILL NOT WORK FOR CHAP, MS-CHAP, or 802.1x (EAP). That relates to ldap "bind as user" authentication, not using ldap to store user information. Ivan Kalik Kalik Informatika ISP Dana 8/7/2008, "joris" <jorisd@gmail.com> piše:
Hello,
After reading the configuration file radiusd.conf, it explicitly says that one can't use LDAP as the authentication backend when you use EAP (in my case, i'm interested in EAP-TTLS).
Nonetheless, I can read elsewhere on the web that some people seem to use both EAP and LDAP, so I wonder who is right ?
I would use LDAP for storing all my users/password and EAP to protect my users credentials over insecure Wifi.
Any advices ?
Cheers,
Joris - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hey guys, sorry for the delay. Yeah after reading your advices, I agree that I misread. I will use EAP-TTLS with EAP method "PAP" encapsulated in it. Thanks Sergio for the link for Windows users : in my case with an intel wifi card, Intel was kind enough to provide the same kind of utilities. But for the others unknown manufacturer, your tool is really just *fine* :) Thanks again, Joris 2008/7/8 Ivan Kalik <tnt@kalik.net>:
# THIS WILL NOT WORK FOR CHAP, MS-CHAP, or 802.1x (EAP).
That relates to ldap "bind as user" authentication, not using ldap to store user information.
Ivan Kalik Kalik Informatika ISP
Dana 8/7/2008, "joris" <jorisd@gmail.com> piše:
Hello,
After reading the configuration file radiusd.conf, it explicitly says that one can't use LDAP as the authentication backend when you use EAP (in my case, i'm interested in EAP-TTLS).
Nonetheless, I can read elsewhere on the web that some people seem to use both EAP and LDAP, so I wonder who is right ?
I would use LDAP for storing all my users/password and EAP to protect my users credentials over insecure Wifi.
Any advices ?
Cheers,
Joris - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
participants (4)
-
Alan DeKok -
Ivan Kalik -
joris -
Sergio Belkin