certificate requirements for EAP-PEAP using Radius-to-LDAP
Phil Mayers
p.mayers at imperial.ac.uk
Sat Jul 15 13:12:43 CEST 2006
Matt Ashfield wrote:
> Hi All
>
> I'm trying to do EAP-PEAP (with MSCHAPv2) radius authentication against an
> LDAP database with my passwords stored in clear text on the directory. I'm
> thinking my issues right now are with certificates.

PEAP requires a "server certificate" on the radius server. See the
CA.all or CA.certs scripts that come with the server, or generate them
with your existing CA *provided* you ensure the XP extension OIDs are in
the certs.

>
> Can someone give me a quick explanation of what certificate requirements I
> need to have on my radius server for doing the NAS-radius conversation as
> well as the ldap authorization. Also, what certificates do I need for/from
> the LDAP server?

That is not a radius issue, and is purely dependent on your LDAP server
setup. Typically if a cert is used at all, it would be on the LDAP
server, and the radius server (which is an LDAP client) just does normal
SSL.
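
Added example, not part of the original post or of the FreeRADIUS scripts: a check that a server certificate signed by an existing CA carries the extension Windows XP supplicants look for. The post does not name the OIDs; this assumes the server-side one is the TLS Web Server Authentication extended key usage (1.3.6.1.5.5.7.3.1). File names and the CN are hypothetical, and the demo CA is a throwaway built only to show a failing and a passing certificate.

```shell
#!/bin/sh
# Assumption: the "XP extension OID" for the server cert is id-kp-serverAuth.
XP_SERVER_OID="1.3.6.1.5.5.7.3.1"

# has_server_eku CERT.pem
# Exit 0 if the certificate lists the serverAuth extended key usage.
has_server_eku() {
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        grep -q 'TLS Web Server Authentication'
}

# make_demo_certs DIR
# Build a constructed throwaway CA and sign the same CSR twice:
#   srv-plain.pem  no extension file (the cert XP clients reject)
#   srv-xp.pem     signed with an extfile carrying the EKU
make_demo_certs() {
    d=$1
    # Extension file handed to the CA at signing time.
    printf 'extendedKeyUsage = %s\n' "$XP_SERVER_OID" > "$d/xpserver.ext"

    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj '/CN=Demo CA' \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null || return 1
    openssl req -newkey rsa:2048 -nodes -subj '/CN=radius.example.org' \
        -keyout "$d/srv.key" -out "$d/srv.csr" 2>/dev/null || return 1

    openssl x509 -req -in "$d/srv.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/srv-plain.pem" 2>/dev/null || return 1
    openssl x509 -req -in "$d/srv.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -extfile "$d/xpserver.ext" \
        -out "$d/srv-xp.pem" 2>/dev/null || return 1
}

# Stand-alone use: pass the path of the RADIUS server certificate to check.
if [ "$#" -ge 1 ]; then
    if has_server_eku "$1"; then
        echo "$1: serverAuth EKU present"
    else
        echo "$1: serverAuth EKU MISSING"
    fi
fi
```

Signing with the extension file is the step that is easy to miss when reusing an existing CA: the EKU is added by the CA at signing time, so a CSR signed without it yields a certificate that looks valid but lacks the extension.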