Wi-Fi and LDAP password auth

Matthias Saou thias at spam.spam.spam.spam.spam.spam.spam.egg.and.spam.freshrpms.net
Tue Oct 28 20:47:24 CET 2008


Hi,

I've got a couple of Wi-Fi APs that support "802.1X" (3Com 7760), so I
want to configure them to authorize client connections based on user
information stored in an LDAP server (Fedora Directory Server, all users
already have "samba" type password hashes).

My first question for the list, to which I haven't ever been able to
find a clear answer, is: What EAP sub-types are the ones I should
configure?

My requirements:
 * Be able to have many different types of clients supported (Windows
XP, GNU/Linux wpa_supplicant/NM, mobile devices etc.).
 * Not to have to bother about a local CA or any type of PKI (i.e. not
generate certificates for all users, just have them use their
login/pass).

I used to have a working EAP-PEAP setup, with MSCHAPv2 IIRC, the
current LDAP server and a Linksys AP. Unfortunately that setup is no
more and I need to reconfigure one from scratch.

Should I go with EAP-PEAP? Is that the "PEAPv0/EAP-MSCHAPv2" from the
wiki? I also store md5 passwords in my LDAP server, is there any other
simpler way to configure access using those instead of the LM/NT
passwords? (my understanding is that... nope)

Sorry for all of these possibly silly questions, it's just that the
more docs I read to try and implement what I need, the more I feel lost
(which isn't a very good sign).

TIA for any help,
Matthias

-- 
Clean custom Red Hat Linux rpm packages : http://freshrpms.net/
Fedora release 9 (Sulphur) - Linux kernel 2.6.26.5-45.fc9.x86_64
Load : 0.57 0.52 0.60


