an infamous LDAP-FreeRadius question
Phil Mayers
p.mayers at imperial.ac.uk
Tue Jul 11 16:18:06 CEST 2006
Matt Ashfield wrote:
> I have LDAP configured and can do a cleartext radius authentication using
> username/passwords (using radtest). What I'd like to do is take the next
> step and do 802.1x authentication for my windows clients and I suppose
> that's where I was hoping to find some clean-cut instructions on this as I've
> seen quite a bit of threads concerning this but as mentioned in my initial
> email, they can be tough to follow.
It's really very simple. If you have users of the form:
dn: cn=username,ou=whatever,dc=domain,dc=com
objectClass: inetOrgPerson-or-whatever
cn: username
userPassword: theplaintextpass
...just set FR like so:
modules {
  ldap {
    server = foo
    basedn = bar
    # other attributes
    password_attribute = userPassword
  }
}
authorize {
  preprocess
  chap
  mschap
  eap
  ldap
}
authenticate {
  Auth-Type MS-CHAP {
    mschap
  }
  Auth-Type CHAP {
    chap
  }
  eap
}
If your userPassword is something like:
userPassword: {crypt}=3115313652
clearTextPass: {clear}theplaintext
...you would use
modules {
  ldap {
    password_header = "{clear}"
    password_attribute = clearTextPass
  }
}
...and so on.
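
The following is an added example, not part of the original post and not FreeRADIUS code: a simplified Python model of why the config points password_attribute at the cleartext attribute and strips the "{clear}" header before a challenge-response check. It uses plain CHAP (RFC 1994) as the challenge-response method; the function names, the fixed challenge and the sample entry are constructed for illustration.

```python
import hashlib
import hmac


def strip_password_header(value: str, header: str) -> str:
    """Model of password_header: drop a leading scheme tag such as "{clear}"."""
    if header and value.startswith(header):
        return value[len(header):]
    return value


def chap_response(chap_id: int, secret: str, challenge: bytes) -> bytes:
    """RFC 1994 CHAP response: MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([chap_id]) + secret.encode() + challenge).digest()


def verify_chap(ldap_value: str, header: str, chap_id: int,
                challenge: bytes, response: bytes) -> bool:
    """Server side: recompute the response from the value read out of LDAP."""
    secret = strip_password_header(ldap_value, header)
    expected = chap_response(chap_id, secret, challenge)
    return hmac.compare_digest(expected, response)


# Constructed sample entry mirroring the attributes shown in the post.
ENTRY = {
    "userPassword": "{crypt}=3115313652",
    "clearTextPass": "{clear}theplaintext",
}


def demo() -> dict:
    chap_id, challenge = 7, bytes(range(16))  # fixed so the run is repeatable
    # The client only knows the real password and hashes it with the challenge.
    response = chap_response(chap_id, "theplaintext", challenge)
    args = (chap_id, challenge, response)
    return {
        # Cleartext attribute, header stripped: the server can recompute the hash.
        "clear_header_stripped": verify_chap(ENTRY["clearTextPass"], "{clear}", *args),
        # Header left in place: "{clear}theplaintext" is hashed, so it never matches.
        "clear_header_kept": verify_chap(ENTRY["clearTextPass"], "", *args),
        # A one-way {crypt} value cannot be turned back into the CHAP secret.
        "crypt_value": verify_chap(ENTRY["userPassword"], "{crypt}", *args),
    }


if __name__ == "__main__":
    print(demo())
```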