certificate requirements for EAP-PEAP using Radius-to-LDAP
Hi All I'm trying to do EAP-PEAP (with MSCHAPv2) radius authentication against an LDAP database with my passwords stored in clear text on the directory. I'm thinking my issues right now are with certificates. Can someone give me a quick explanation of what certificate requirements I need to have on my radius server for doing the NAS-radius conversation as well as the ldap authorization. Also, what certificates do I need for/from the LDAP server? Thanks Matt mda@unb.ca
Matt Ashfield wrote:
Hi All
I'm trying to do EAP-PEAP (with MSCHAPv2) radius authentication against an LDAP database with my passwords stored in clear text on the directory. I'm thinking my issues right now are with certificates.
PEAP requires a "server certificate" on the radius server. See the CA.all or CA.certs scripts that come with the server, or generate them with your existing CA *provided* you ensure the XP extension OIDs are in the certs.
Can someone give me a quick explanation of what certificate requirements I need to have on my radius server for doing the NAS-radius conversation as well as the ldap authorization. Also, what certificates do I need for/from the LDAP server?
That is not a radius issue, and is purely dependent on your LDAP server setup. Typically if a cert is used at all, it would be on the LDAP server, and the radius server (which is an LDAP client) just does normal SSL.
participants (2)
-
Matt Ashfield -
Phil Mayers