EAP/PEAP, LDAP and Dynamic VLAN Assignment HOW-TO

Thibault Le Meur Thibault.LeMeur at supelec.fr
Tue Jul 17 10:41:00 CEST 2007


Hi,

 
> 
> Hi,
> I would make this architecture:
> - authentication EAP/PEAP with MS-CHAPv2 with users in LDAP 
> database. Better with encrypted password, but not necessary.

Either:
* use Clear-text passwords in the userpassword attribute
* OR add an LDAP attribute that will hold the NTLM hash version of the user
password (with leading '0x'), then use ldap.attrmap to map NT-Password to
your LDAP ntlm password attribute

> - Every users have an attribute or something to assign it a 
> VLAN.

You can use radiusReplyItem LDAP attribute
OR create several radius profiles (one for each VLAN) and assign the one
that corresponds to the user
in the users file (for instance using LDAP-groups)

> I have OpenLDAP and Freeradius 1.1.3, the distribution 
> present in CentOS 5. Is it possible? Some suggestions?

Yes it is possible in several ways... Find your own...

HTH,
Thibault


> 
>  --------------------------------------
>           Vincenzo Agosti
>   Università degli Studi di Salerno
>      Ufficio Sistemi Tecnologici
>   Coordinamento Servizi Informatici
>     Via Ponte don Melillo, s.n.c.
>         84084 - Fisciano (SA)
>      Tel.  +39 089 96 6101 - 9776
>       Fax  +39 089 96 6368 - 9806
>         Cell. +39 335 427674
> --------------------------------------