need help & advice getting started with freeradius

tnt at kalik.net tnt at kalik.net
Sat Apr 4 22:12:49 CEST 2009


>In my scenario I would like to use PEAP if possible but not require the user
>client to have a certificate, just the radius-server (which is why I believe
>the TTLS solution will be inefficient here as I would have to deal with
>handing out client certificates to hundreds of users). And to be asked then
>their username and password to authenticate onto our wireless. Would combining
>these two guides work to get these two initial setups up and running?
>

PEAP will require passwords stored as clear text or NT hash. If your
passwords are stored as something else they will have to be changed. As
for combining freeradius and ldap, perhaps you should read the freeradius
documentation first (wiki or doc/rlm_ldap from the download) and then
see if there is any need to bother with third party stuff.

>Second up, how can I then extend this system so that I can ban specific users

Read about the dialupAccess attribute in the rlm_ldap document.

>and groups

Read about setting up a group membership filter (you can guess by now - in
the rlm_ldap document) and use unlang in the authorize section:

# "whatever" is a placeholder for the name of the LDAP group to ban
if (Ldap-Group == "whatever") {
     reject
}

Ivan Kalik
Kalik Informatika ISP
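
The storage rule in the reply above (PEAP needs clear text or an NT hash) can be checked against a directory export before rollout. The following is an added example, not part of the original post or of FreeRADIUS: the LDIF sample is constructed, the attribute names userPassword and sambaNTPassword assume the common inetOrgPerson and Samba schemas, and folded LDIF lines are not handled.

```python
import base64
import re

# Constructed sample directory export (not from the original post).
_SSHA = base64.b64encode(b"{SSHA}constructed-not-a-real-hash").decode()
SAMPLE_LDIF = """\
dn: uid=alice,ou=people,dc=example,dc=org
uid: alice
userPassword:: %s

dn: uid=bob,ou=people,dc=example,dc=org
uid: bob
userPassword: {CRYPT}constructed-not-a-real-hash
sambaNTPassword: 0123456789ABCDEF0123456789ABCDEF

dn: uid=carol,ou=people,dc=example,dc=org
uid: carol
userPassword: constructed-cleartext
""" % _SSHA


def parse_ldif(text):
    """Return one {attr: value} dict per entry, decoding 'attr:: base64' values."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        entry = {}
        for line in block.splitlines():
            m = re.match(r"([A-Za-z][\w;-]*)(::?)\s*(.*)$", line)
            if m:
                name, sep, value = m.groups()
                if sep == "::":
                    value = base64.b64decode(value).decode("utf-8", "replace")
                entry[name.lower()] = value
        entries.append(entry)
    return entries


def peap_usable(entry):
    """Return (ok, reason) under the rule above: cleartext or NT hash only."""
    if re.fullmatch(r"[0-9A-Fa-f]{32}", entry.get("sambantpassword", "")):
        return True, "nt-hash"
    pw = entry.get("userpassword", "")
    scheme = re.match(r"\{([A-Za-z0-9-]+)\}", pw)
    if pw and (scheme is None or scheme.group(1).upper() in ("CLEAR", "CLEARTEXT")):
        return True, "cleartext"
    return False, scheme.group(1).upper() if scheme else "no-password"


def audit(ldif):
    """Map uid -> (ok, reason) for every entry in the LDIF text."""
    return {e.get("uid", e.get("dn")): peap_usable(e) for e in parse_ldif(ldif)}
```

Entries reported as not usable are the ones whose passwords would have to be changed, or given an NT hash alongside, before PEAP can authenticate them.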




More information about the Freeradius-Users mailing list