Wi-Fi and LDAP password auth
Matthias Saou
thias at spam.spam.spam.spam.spam.spam.spam.egg.and.spam.freshrpms.net
Wed Oct 29 17:55:28 CET 2008
tnt at kalik.net wrote :
> >My requirements :
> > * Be able to have many different types of clients supported (Windows
> >XP, GNU/Linux wpa_supplicant/NM, mobile devices etc.).
> > * Not to have to bother about a local CA or any type of PKI (i.e. not
> >generate certificates for all users, just have them use their
> >login/pass).
> >
>
> PEAP should be the protocol most clients will use.
>
> >Should I go with EAP-PEAP? Is that the "PEAPv0/EAP-MSCHAPv2" from the
> >wiki?
>
> Yes.
Then I'm still completely lost. I've spent the whole day trying to get
my mobile phone to connect to the Wi-Fi using EAP-TLS and EAP-PEAP with
MSCHAPv2 in the PEAP configuration part. The radiusd debug output isn't
really clear to me, and I'm still not sure where my problem is :
* Is my Wi-Fi AP working okay? I guess since it's meant to be "dumb"...
* Is my mobile phone configured okay? I don't know.
* Is my radiusd configured okay? I don't know.
* Is my LDAP client access configured okay? I don't know.
* Are my SSL certificates configured okay? I don't know.
* Am I even trying the right EAP modules/combination/auth? I don't know.
Pretty tough, eh? :-)
I'll be digging some more, but I do have three quick questions :
1) The only output I manage to get related to TLS is the following, is
it normal or does it denote an error?
[tls] Initiate
[tls] Start returned 1
2) I keep getting this warning about LDAP passwords, but it seems like
radiusd did manage to get the two useful hashes, should I worry or is
the message harmless?
[ldap] looking for check items in directory...
rlm_ldap: sambaNtPassword -> NT-Password == 0x394133304 [...]
rlm_ldap: sambaLmPassword -> LM-Password == 0x433042322 [...]
[ldap] looking for reply items in directory...
WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly?
[ldap] user matthias authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
++[ldap] returns ok
3) What is it I should be configuring exactly on my mobile phone?
Is EAP-TLS and EAP-PEAP with EAP-MSCHAPv2 something that should be
working or am I on the wrong track?
Matthias
--
Clean custom Red Hat Linux rpm packages : http://freshrpms.net/
Fedora release 9 (Sulphur) - Linux kernel 2.6.26.5-45.fc9.x86_64
Load : 0.19 0.14 0.14