First I know my english is not the best, but i hope you will understand it. In the course of a project i have to make an authentification against a freeradius server for the WLAN Users. On the Server(OpenSUSE11.1) is a LDAP Directory and i want that the WLAN Users have to authentificate with their accounts. After the successful authentification they will be put into an other VLAN, that they can use their homedirectories. I would like to know how I should do it, because i inform me about the Authentification Types(EAP-TLS,TTLS,PEAP) and know I am totally confused which i have to configure at the freeradius Server. I think that PEAP would be the easiest, but I really don't know which can be used whth a dynamic VLAN. http://old.nabble.com/file/p26230857/1.jpeg The AP is an Linksys WRT-54-GS and the Switch is an CISCO-2950 -- View this message in context: http://old.nabble.com/WLAN----Freeradius----OpenLDAP----VLANs-tp26230857p262... Sent from the FreeRadius - User mailing list archive at Nabble.com.
Freeradius work well with openldap but only with cleartext password (PAP). Best regards! 2009/11/9 _Stefan_H <stefanh007@networld.at>
First I know my english is not the best, but i hope you will understand it.
In the course of a project i have to make an authentification against a freeradius server for the WLAN Users. On the Server(OpenSUSE11.1) is a LDAP Directory and i want that the WLAN Users have to authentificate with their accounts. After the successful authentification they will be put into an other VLAN, that they can use their homedirectories.
I would like to know how I should do it, because i inform me about the Authentification Types(EAP-TLS,TTLS,PEAP) and know I am totally confused which i have to configure at the freeradius Server.
I think that PEAP would be the easiest, but I really don't know which can be used whth a dynamic VLAN.
http://old.nabble.com/file/p26230857/1.jpeg
The AP is an Linksys WRT-54-GS and the Switch is an CISCO-2950
-- View this message in context: http://old.nabble.com/WLAN----Freeradius----OpenLDAP----VLANs-tp26230857p262... Sent from the FreeRadius - User mailing list archive at Nabble.com.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- JJohnny RANDRIAMAMPIONONA Phone: +212663682554, +212533158575 National School of Applied Sciences ZIP 1818 TANGIER 90000 ---------Morocco ---------------
On Monday 09 November 2009 12:25:13 José Johnny RANDRIAMAMPIONONA wrote:
Freeradius work well with openldap but only with cleartext password (PAP). Best regards!
Don't give wrong answers if you're not sure of what you're talking.
2009/11/9 _Stefan_H <stefanh007@networld.at>
First I know my english is not the best, but i hope you will understand it.
In the course of a project i have to make an authentification against a freeradius server for the WLAN Users. On the Server(OpenSUSE11.1) is a LDAP Directory and i want that the WLAN Users have to authentificate with their accounts. After the successful authentification they will be put into an other VLAN, that they can use their homedirectories.
I would like to know how I should do it, because i inform me about the Authentification Types(EAP-TLS,TTLS,PEAP) and know I am totally confused which i have to configure at the freeradius Server.
See http://deployingradius.com/documents/protocols/compatibility.html for compatibilty issues. You can authenticate users using PEAP against LDAP just as long as the user's entries in the LDAP DB have NT / LM password hashes. For instance, if using OpenLDAP, you need to include the samba.schema in the supported schemas list and then add sambaNTPassword and sambaLMPassword to each one of the user's entries in the DB. Ex: " dn: uid=xxx,ou=people,dc=local,dc=loc objectClass: inetOrgPerson objectClass: sambaSamAccount uidNumber: 1 uid: xxx userPassword:: e01ENX1mMmhLRytkajNnSSs2aEtmL3ltSnV3PT0= sambaLMPassword: AB849716E6B337C43B639FCD27BDA434 sambaNTPassword: 9574805413661ADC5E8FA7B943026723 ... " You can hash the user's password using the smbencrypt utility.
I think that PEAP would be the easiest, but I really don't know which can be used whth a dynamic VLAN.
http://old.nabble.com/file/p26230857/1.jpeg
The AP is an Linksys WRT-54-GS and the Switch is an CISCO-2950
-- View this message in context: http://old.nabble.com/WLAN----Freeradius----OpenLDAP----VLANs-tp26230857p 26230857.html Sent from the FreeRadius - User mailing list archive at Nabble.com.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Thanks for answering and I hope that I will have no problems in configuring the server .... but I think that won't happen. nf-vale wrote:
On Monday 09 November 2009 12:25:13 José Johnny RANDRIAMAMPIONONA wrote:
Freeradius work well with openldap but only with cleartext password (PAP). Best regards!
Don't give wrong answers if you're not sure of what you're talking.
2009/11/9 _Stefan_H <stefanh007@networld.at>
First I know my english is not the best, but i hope you will understand it.
In the course of a project i have to make an authentification against a freeradius server for the WLAN Users. On the Server(OpenSUSE11.1) is a LDAP Directory and i want that the WLAN Users have to authentificate with their accounts. After the successful authentification they will be put into an other VLAN, that they can use their homedirectories.
I would like to know how I should do it, because i inform me about the Authentification Types(EAP-TLS,TTLS,PEAP) and know I am totally confused which i have to configure at the freeradius Server.
See http://deployingradius.com/documents/protocols/compatibility.html for compatibilty issues.
You can authenticate users using PEAP against LDAP just as long as the user's entries in the LDAP DB have NT / LM password hashes. For instance, if using OpenLDAP, you need to include the samba.schema in the supported schemas list and then add sambaNTPassword and sambaLMPassword to each one of the user's entries in the DB.
Ex:
" dn: uid=xxx,ou=people,dc=local,dc=loc objectClass: inetOrgPerson objectClass: sambaSamAccount uidNumber: 1 uid: xxx userPassword:: e01ENX1mMmhLRytkajNnSSs2aEtmL3ltSnV3PT0= sambaLMPassword: AB849716E6B337C43B639FCD27BDA434 sambaNTPassword: 9574805413661ADC5E8FA7B943026723 ... "
You can hash the user's password using the smbencrypt utility.
I think that PEAP would be the easiest, but I really don't know which
can
be used whth a dynamic VLAN.
http://old.nabble.com/file/p26230857/1.jpeg
The AP is an Linksys WRT-54-GS and the Switch is an CISCO-2950
-- View this message in context:
http://old.nabble.com/WLAN----Freeradius----OpenLDAP----VLANs-tp26230857p
26230857.html Sent from the FreeRadius - User mailing list archive at Nabble.com.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- View this message in context: http://old.nabble.com/WLAN----Freeradius----OpenLDAP----VLANs-tp26230857p262... Sent from the FreeRadius - User mailing list archive at Nabble.com.
participants (3)
-
_Stefan_H -
José Johnny RANDRIAMAMPIONONA -
nf-vale