freeradius 2.05 peap and ldap bind?
aland at deployingradius.com
Wed Jun 11 19:32:33 CEST 2008
Tim Tyler wrote:
> Freeradius experts,
> We just installed FreeRADIUS 2.05 on a CentOS 5 system. We got PEAP
> working rather quickly against our LDAP server against LM/NT passwords.
> We would also like to allow clients using SecureW2 supplicants
> configured for TTLS-PAP connections against (crypt and SSHA) passwords
> stored in our LDAP database.
That shouldn't be hard.
> I presume we need to do an LDAP bind?
I would suggest not. LDAP bind is a hack. LDAP is a *database*. Use
it as a *database*.
> How do I configure TTLS-PAP
> requests to do an LDAP bind for authorization/authentication without
> breaking PEAP in 2.05? Which 2.05 config file(s) will handle this
Configure the LDAP module to pull the passwords from LDAP, and add
them into the request. This is, in fact, in the default config.
> In the old 1.x configs, I used to use the following authorize and
> authentication configs shown below to allow SecureW2 users configured
> with TTLS-PAP to work:
In 2.0, the virtual servers make your life easier. A LOT easier. See
raddb/inner-tunnel, and references to "inner-tunnel" in raddb/eap.conf.
There's even a sample config for testing the inner tunnel portion
without doing EAP...
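
An added illustration, not part of the original post and not FreeRADIUS code: once a hashed `{SSHA}` or `{SHA}` value has been read from LDAP as data, the cleartext password that TTLS-PAP carries inside the tunnel can be hashed and compared locally, with no bind. The function names and the sample password and salt are constructed for this sketch; `{crypt}` and other schemes are rejected rather than handled.

```python
import base64
import hashlib
import hmac

SHA1_LEN = 20  # size of a SHA-1 digest in bytes


def make_ssha(password: bytes, salt: bytes) -> str:
    """Build a value in the {SSHA} form: base64(SHA1(password + salt) + salt)."""
    digest = hashlib.sha1(password + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def check_pap_password(stored: str, cleartext: bytes) -> bool:
    """Compare a PAP cleartext password with a {SHA}/{SSHA} value read from LDAP."""
    header, sep, blob = stored.partition("}")
    if not sep or not header.startswith("{"):
        raise ValueError("value has no {SCHEME} header")
    scheme = header[1:].upper()
    if scheme not in ("SHA", "SSHA"):
        raise ValueError("scheme not handled in this sketch: " + scheme)

    raw = base64.b64decode(blob, validate=True)  # raises ValueError on bad input
    if len(raw) < SHA1_LEN:
        raise ValueError("decoded value is shorter than a SHA-1 digest")
    digest, salt = raw[:SHA1_LEN], raw[SHA1_LEN:]
    if scheme == "SHA" and salt:
        raise ValueError("{SHA} value carries unexpected trailing bytes")
    if scheme == "SSHA" and not salt:
        raise ValueError("{SSHA} value has no salt")

    # The salt is stored with the hash, so the server can recompute the digest
    # from the cleartext; compare in constant time.
    expected = hashlib.sha1(cleartext + salt).digest()
    return hmac.compare_digest(expected, digest)


# Constructed sample entry value (password and salt invented for the example).
SAMPLE_STORED = make_ssha(b"correct horse", b"\x01\x02\x03\x04")

if __name__ == "__main__":
    print(SAMPLE_STORED)
    print(check_pap_password(SAMPLE_STORED, b"correct horse"))
    print(check_pap_password(SAMPLE_STORED, b"wrong guess"))
```

This only works because PAP hands the server the cleartext; an MS-CHAPv2 exchange inside PEAP cannot be checked against an SSHA or crypt value, which is why the PEAP setup in the question relies on the LM/NT passwords.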