freeradius 2.05 peap and ldap bind?
Alan DeKok
aland at deployingradius.com
Wed Jun 11 19:32:33 CEST 2008
Tim Tyler wrote:
> Freeradius experts,
> We just installed freeradius 2.05 on a Centos 5 system. We got PEAP
> working rather quickly against our ldap server against LM/NT passwords.
> We would also like to allow clients using Securew2 supplicants
> configured for TTLS-PAP connections against (crypt and SSHA) passwords
> stored in our ldap database.
That shouldn't be hard.
> I presume we need to do an ldap bind?
I would suggest not. LDAP bind is a hack. LDAP is a *database*. Use
it as a *database*.
> How do I configure TTLS-pap
> requests to do an ldap bind for authorization/authentication without
> breaking PEAP in 2.05? Which 2.05 config file(s) will handle this
> directly?
Configure the LDAP module to pull the passwords from LDAP, and add
them into the request. This is, in fact, in the default config.
> Note:
> In the old 1.x configs, I used to use the following authorize and
> authentication configs shown below to allow secureW2 users configured
> with TTLS-pap to work:
...
In 2.0, the virtual servers make your life easier. A LOT easier. See
raddb/inner-tunnel, and references to "inner-tunnel" in raddb/eap.conf.
There's even a sample config for testing the inner tunnel portion
without doing EAP...
Alan DeKok.