FreeRadius/eDirectory/802.1X authentication issue

Newall, Bryce bnewall at powayusd.com
Thu Jun 12 21:35:59 CEST 2008


> -----Original Message-----
> From: freeradius-users-bounces+bnewall=powayusd.com at lists.freeradius.org
> [mailto:freeradius-users-bounces+bnewall=powayusd.com at lists.freeradius.org]
> On Behalf Of Ivan Kalik
> Sent: Thursday, June 12, 2008 12:20 PM
> To: FreeRadius users mailing list
> Subject: RE: FreeRadius/eDirectory/802.1X authentication issue
> 
> >Dumb question perhaps, but without configuring LDAP, how does EAP-TLS
> >know where to send authentication requests?
> >
> 
> EAP-TLS is certificate based authentication. All you need in order to get
> authenticated is a valid certificate. Do you mean authorization?

Ahh, your answer just made our current RADIUS configuration more
understandable to me!  As I may have mentioned, I inherited this setup
from someone else who left the district.  The way it is currently
working, we do not have to install certificates on a laptop.  The
"Validate server certificate" option on our laptops' wireless
configuration is turned off.  The idea was to keep it as simple as
possible for users, yet maintain some semblance of security.

Apparently, the way we're doing it right now is using EAP-TLS with PEAP
authentication, which is passing the user's credentials through an
encrypted tunnel to the RADIUS server, which is in turn passing the
credentials through to eDirectory via LDAP.  At least, I *think* I'm
explaining that correctly. :)  I'd like to maintain that setup with
FreeRADIUS 2.0.5, but I'm still having a hard time following the
configuration and authentication path with the current 1.1.0 setup.

Thanks!

Bryce Newall
Systems Administrator
Poway Unified School District
(858) 679-2576
bnewall at powayusd.com




