802.1x and LDAP

Alan DeKok aland at ox.org
Fri Aug 19 20:18:04 CEST 2005

Cian Phillips <cian at cca.edu> wrote:
> With each of these I still have the problem where the Access-Request  
> packet doesn't contain a User-Password attribute. I am guessing that  
> there is something very fundamental that I am not understanding..  
> like "there isn't supposed to be a User-Password attribute coming  
> from the AP" but if that's the case then I really don't understand  
> how we authenticate against the LDAP directory without a password.

  You don't.  LDAP is a database, not an authentication server.
FreeRADIUS is an authentication server.  It pulls the password from
LDAP, and uses that to authenticate the user.

> I have tried a bunch of different "how-to's" and haven't had any  
> success.. if someone could say they were certain that one of them  
> worked that in itself would be a great deal of help.

  If you're looking for details of how the authentication protocols
work, the HOWTO's won't help you.  They tell you how to get it to
work, and they assume that you don't care about the internal design
details of the system.

  If you DO really care about the design details of the authentication
protocols, read the RFC's.  They're in doc/rfc/*.

  Otherwise, configure the system as per the HOWTO's, and it *will* work.

  Alan DeKok.

More information about the Freeradius-Users mailing list