EAP-PEAP with LDAP for 802.1x authentication
Hi All, Understand that it is not possible to authenticate using EAP-PEAP against OpenLDAP due to encrypted password. Can someone advise on how exactly OpenLDAP needs be configured so that it can be used in EAP-PEAP? I found out from http://vuksan.com/linux/dot1x/802-1x-LDAP.html that to do so additional attributes needs to be added to LDAP. Is this the only way? Thanks/Regards, Ryan
reading from http://deployingradius.com/documents/protocols/compatibility.html you can achive that there's no problem to make ldap work with EAP-PEAP, the only thing you must take care is the hashing algorithm for the password. Reading carefully from http://vuksan.com/linux/dot1x/802-1x-LDAP.html "It is important depending what kind of password information you have stored in your LDAP database" So nobody says you can't make work togher openldap and freeradius. :) Reading carefully 802-1x.LDAP.html you'll be able to set a working enviroment. On Mon, Feb 25, 2008 at 7:58 AM, Ryan <majereryan@gmail.com> wrote:
Hi All,
Understand that it is not possible to authenticate using EAP-PEAP against OpenLDAP due to encrypted password. Can someone advise on how exactly OpenLDAP needs be configured so that it can be used in EAP-PEAP?
I found out from http://vuksan.com/linux/dot1x/802-1x-LDAP.html that to do so additional attributes needs to be added to LDAP. Is this the only way?
Thanks/Regards, Ryan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- they don't own your box, but they have you
Understand that it is not possible to authenticate using EAP-PEAP against OpenLDAP due to encrypted password. Can someone advise on how exactly OpenLDAP needs be configured so that it can be used in EAP-PEAP?
Don't use encrypted password. Or use nt hash and NT-Password. There is nothing to add - those attributes are already in ldap.attrmap. Ivan Kalik Kalik Informatika ISP
2008/2/25, Ryan <majereryan@gmail.com>:
Hi All,
Understand that it is not possible to authenticate using EAP-PEAP against OpenLDAP due to encrypted password. Can someone advise on how exactly OpenLDAP needs be configured so that it can be used in EAP-PEAP?
I found out from http://vuksan.com/linux/dot1x/802-1x-LDAP.html that to do so additional attributes needs to be added to LDAP. Is this the only way?
Thanks/Regards,
Ryan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
I think that the easiest way is using EAP-TTLS if you use encrypted password into OpenLDAP, you should use PAP. The problem is that Windows has not native PAP support, so you should use something like securew2. The other option is that the Ivan Kalikmention it (something that I asked many times :) ) -- -- Open Kairos http://www.openkairos.com Watch More TV http://sebelk.blogspot.com Sergio Belkin -
participants (4)
-
Arjuna Scagnetto -
Ivan Kalik -
Ryan -
Sergio Belkin