PEAP MSCHAP2 Freeradius Active Directory
Chris Liles
Chris.Liles at air2web.com
Wed Jun 28 23:08:13 CEST 2006
I never thought about splitting the authentication and authorization between ntlm and ldap.
I don't see why that wouldn't work, but I really have no idea.
But that would be pretty slick, coupled with some hacked wrt54g's to support the vlans.... a pretty cheap enterprise level solution!
--
Chris Liles
> -----Original Message-----
> From: freeradius-users-
> bounces+chris.liles=air2web.com at lists.freeradius.org [mailto:freeradius-
> users-bounces+chris.liles=air2web.com at lists.freeradius.org] On Behalf Of
> Neal S. Garber
> Sent: Wednesday, June 28, 2006 4:44 PM
> To: FreeRadius users mailing list
> Subject: Re: PEAP MSCHAP2 Freeradius Active Directory
>
> > You will need to configure the LDAP module to fetch groups from AD's LDAP
> > server. See copious documentation or posts to the list. Broadly, once the
> > LDAP module is set up correctly:
> >
> > DEFAULT NAS-Port-Type == "Wireless-802.11", Ldap-Group == "Students"
> >         Tunnel-Medium-Type = IEEE-802,
> >         Tunnel-Private-Group-Id = 10,
> >         Tunnel-Type = VLAN
> >
> > DEFAULT NAS-Port-Type == "Wireless-802.11", Ldap-Group == "Staff"
> >         Tunnel-Medium-Type = IEEE-802,
> >         Tunnel-Private-Group-Id = 20,
> >         Tunnel-Type = VLAN
>
> The doc. states that LDAP only supports PAP. Is this a problem given he
> said he's using PEAP/MSCHAPv2? How would LDAP do the authentication if it
> doesn't have a clear text password? Or is the approach to use MSCHAPv2 for
> authentication and then LDAP for authorization??
>
> Thanks for helping me better understand...
>
>
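The split discussed in this thread, as an added example that is not code from the thread or from FreeRADIUS: a simplified Python model of how the quoted users-file entries pick a VLAN once MSCHAPv2 has already authenticated the user, with LDAP consulted only for group membership. The function names and the `ldap_groups` set are hypothetical stand-ins for the LDAP module's group lookup, and first-match evaluation is modelled without Fall-Through.

```python
# Added example: simplified model of users-file matching, not FreeRADIUS code.
USERS_FILE = '''\
DEFAULT NAS-Port-Type == "Wireless-802.11", Ldap-Group == "Students"
        Tunnel-Medium-Type = IEEE-802,
        Tunnel-Private-Group-Id = 10,
        Tunnel-Type = VLAN

DEFAULT NAS-Port-Type == "Wireless-802.11", Ldap-Group == "Staff"
        Tunnel-Medium-Type = IEEE-802,
        Tunnel-Private-Group-Id = 20,
        Tunnel-Type = VLAN
'''

def parse_users(text):
    """Return [(check_items, reply_items), ...] in file order."""
    entries = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if not line[0].isspace():              # header line: name + check items
            _name, _, checks = line.partition(" ")
            check = {}
            for item in checks.split(","):
                if item.strip():
                    attr, _, val = item.partition("==")
                    check[attr.strip()] = val.strip().strip('"')
            entries.append((check, {}))
        else:                                  # indented line: a reply item
            attr, _, val = line.strip().rstrip(",").partition("=")
            entries[-1][1][attr.strip()] = val.strip()
    return entries

def authorize(entries, request, ldap_groups):
    """Return reply items of the first matching entry (no Fall-Through)."""
    for check, reply in entries:
        matched = True
        for attr, want in check.items():
            if attr == "Ldap-Group":           # membership lookup, no password involved
                matched = matched and want in ldap_groups
            else:
                matched = matched and request.get(attr) == want
        if matched:
            return dict(reply)
    return {}                                  # no match: no VLAN attributes are returned

if __name__ == "__main__":
    entries = parse_users(USERS_FILE)
    wifi = {"NAS-Port-Type": "Wireless-802.11"}   # constructed sample request
    for groups in ({"Students"}, {"Staff"}, {"Staff", "Students"}, set()):
        print(sorted(groups), authorize(entries, wifi, groups))
```

A user in neither group gets no tunnel attributes in this model, and a user in both gets the first entry's VLAN, so the entry order and a deliberate catch-all entry are worth reviewing.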