PEAP MSCHAP2 Freeradius Active Directory
Neal S. Garber
neal at rochester.rr.com
Wed Jun 28 22:44:24 CEST 2006
> You will need to configure the LDAP module to fetch groups from AD's LDAP
> server. See copious documentation or posts to the list. Broadly, once the
> LDAP module is set up correctly:
>
> DEFAULT NAS-Port-Type == "Wireless-802.11", Ldap-Group == "Students"
>     Tunnel-Medium-Type = IEEE-802,
>     Tunnel-Private-Group-Id = 10,
>     Tunnel-Type = VLAN
>
> DEFAULT NAS-Port-Type == "Wireless-802.11", Ldap-Group == "Staff"
>     Tunnel-Medium-Type = IEEE-802,
>     Tunnel-Private-Group-Id = 20,
>     Tunnel-Type = VLAN
The doc. states that LDAP only supports PAP. Is this a problem given he
said he's using PEAP/MSCHAPv2? How would LDAP do the authentication if it
doesn't have a clear text password? Or is the approach to use MSCHAPv2 for
authentication and then LDAP for authorization?
Thanks for helping me better understand...