wireless+freeradius+AD

Alan DeKok aland at ox.org
Sat Nov 19 19:55:12 CET 2005


Laker Netman <laker_netman at yahoo.com> wrote:
> First: We do not allow anonymous binding to our AD
> LDAP. So, for testing to date, I have used
> "Administrator" and the associated password in the
> config file.  Obviously this is less than ideal :)
> What is the best or better alternative?  Allowing
> anonymous bind?  Creating a bind-only "user" for auth
> purposes?

  The server needs to bind to AD only to get group information.  If
you can configure a user on AD that is permitted only to do that, that
would be the best thing.

> Am I correct that the NAS passes the username and
> password to FR in cleartext?

  Not for wireless.

> Is there any method to send/receive the password
> between FR and AD encrypted?

  SSL.

> Lastly, as I mentioned earlier, I have googled, read,
> googled, read, a *lot* of info.  Is there a CONCISE
> site anywhere on the web that defines everything needed
> without leaving out the *one* critical piece that
> actually makes it work? ;-)

  I'm not sure what you mean by that.  The HOWTO's describe how to
configure wireless with FreeRADIUS, and LDAP.  Follow the instructions
and they will work.

  Do you know what you want from wireless and AD?  It sounds like the
"one critical" piece you're looking for is something to solve a
problem you haven't articulated.

  Alan DeKok.
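
The two recommendations in this reply, a bind account permitted only to read group information and SSL between FreeRADIUS and AD, expressed as a check over an ldap module stanza. This is an added example, not part of the original message or of FreeRADIUS itself; the option names follow the FreeRADIUS 1.x-style ldap module as an assumption, and the hosts, DNs and the `svc-radius-bind` account are constructed placeholders.

```python
import re

# Constructed sample stanzas. Option names follow the FreeRADIUS 1.x-style
# ldap module (an assumption); hosts, DNs and passwords are placeholders.
WEAK = """
ldap {
    server = "dc1.example.org"
    identity = "cn=Administrator,cn=Users,dc=example,dc=org"
    password = "constructed-secret"
    start_tls = no
}
"""
HARDENED = """
ldap {
    server = "dc1.example.org"
    identity = "cn=svc-radius-bind,ou=Service Accounts,dc=example,dc=org"
    password = "constructed-secret"
    start_tls = yes
    tls_require_cert = "demand"
}
"""
PRIVILEGED = re.compile(r"(^|cn=)\s*administrator\b", re.I)

def parse(stanza):
    """Collect 'key = value' options; comment and brace lines do not match."""
    opts = {}
    for line in stanza.splitlines():
        m = re.match(r'\s*([\w-]+)\s*=\s*"?([^"]*?)"?\s*$', line)
        if m:
            opts[m.group(1).lower()] = m.group(2)
    return opts

def audit(stanza):
    """Return findings on the bind identity and the LDAP transport."""
    o, findings = parse(stanza), []
    identity = o.get("identity", "")
    if not identity:
        findings.append("anonymous-bind")
    elif PRIVILEGED.search(identity):
        findings.append("privileged-bind-account")
    # Treated as encrypted when StartTLS is on or the LDAPS port is used.
    encrypted = o.get("start_tls") == "yes" or o.get("port") == "636"
    if not encrypted:
        findings.append("cleartext-ldap")
    elif o.get("tls_require_cert", "").lower() not in ("demand", "hard"):
        findings.append("server-cert-not-verified")
    return findings

if __name__ == "__main__":
    for name, stanza in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, audit(stanza) or "no findings")
```
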




More information about the Freeradius-Users mailing list