ldap (sambaNtPassword) + peap-mschapV2 + freeradius : step by step question

FM dist-list at LEXUM.UMontreal.CA
Wed Nov 19 19:52:53 CET 2008

I am trying to add a Wifi AP (aironet 1250). I am trying to use
PEAP/MSCHAPV2 and SAMBA SambaNTpassword (LDAP Back-end).
I read a lot of the question about the subject on the ML and cannot
figure out all the steps. So here are all the steps I did :

On the AP : I configured our radius server as the server manager. It
thinks it is ok because the radius SRV receive request from it.

for the AP I added a entry in clients.conf :
client {
        ipaddr =
        shortname = wifi01
        secret = mypassword

I edited the /modules/ldap :
ldap {
        server = "localhost"
        identity = "cn=manager,dc=lan,dc=lexum,dc=pri"
        password = manager_password
        basedn = "dc=lan,dc=lexum,dc=pri"
        filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
        base_filter = "(objectclass=sambaSamAccount)"
        password_attribute = NT-Password

I edited the ldap.attrmap (to map NT-Pasword to sambaNtPassword) :
#checkItem      LM-Password                     lmPassword
#checkItem      NT-Password                     ntPassword
checkItem       LM-Password                     sambaLmPassword
checkItem       NT-Password                     sambaNtPassword

I DID NOT touch radiusd.conf

I DID NOT touch /etc/raddb/sites-enabled/default

I know that I need to enable ldap somewhere but ... where :D

I will not post the result of -X because I know I need other config.



More information about the Freeradius-Users mailing list