FreeRADIUS without Universal Password
Alexander Clouter
alex at digriz.org.uk
Thu Feb 5 10:04:17 CET 2009
* Jason C Brown <jasonbrown at ferris.edu> [Wed, 4 Feb 2009 17:41:49 -0500]:
>
> Is there a way to integrate FreeRADIUS without having to use the
> universal password in Novell?
>
You need to send the password in plaintext to the RADIUS server from the
connecting client; in the world of 802.1X this is typically done by
wrapping PAP in EAP-TTLS[1]. It's what we had to do in the early days
whilst migrating from a non-UP world to a UP world...now I just have to
work out how to dispose of Novell but that's another battle.

When you use PAP, you can just do a nasty bog standard LDAP bind and get
FreeRADIUS to check that it succeeds and then work from there.

Once you are UP'ed you can then enable the horrors of MSCHAP and let
those horrible Jesus Phones connect and what not. Looking on the good
side, no iPhones on your wireless network till you get there, so you
might want to view this as a reason not to UP altogether ;)

Cheers

[1] which is better than PEAP anyway as you have the option to
pre-config Windows clients with a single EXE, if you choose to
use SecureW2
--
Alexander Clouter
.sigmonster says: Practice yourself what you preach.
-- Titus Maccius Plautus
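
The setup described in the reply above (PAP inside EAP-TTLS, verified by an LDAP bind), shown as an added configuration example that is not part of the original post. It assumes FreeRADIUS 3.x file layout and syntax and an `ldap` module instance already configured for the directory.

```conf
# Added example. Assumptions: FreeRADIUS 3.x, and mods-enabled/ldap already
# points at the directory (server, base_dn, user filter).

# mods-enabled/eap (excerpt): EAP-TTLS passes the tunnelled inner request
# to the inner-tunnel virtual server.
eap {
    ttls {
        tls = tls-common
        virtual_server = "inner-tunnel"
    }
}

# sites-enabled/inner-tunnel (excerpt)
server inner-tunnel {
    authorize {
        # Look the user up in the directory.
        ldap

        # Select bind authentication only when the client supplied a
        # cleartext password (inner PAP). An inner MSCHAP request carries
        # no User-Password, so it cannot be verified by a bind.
        if ((ok || updated) && User-Password) {
            update control {
                Auth-Type := LDAP
            }
        }
    }

    authenticate {
        # Authenticate by binding to the directory as the user with the
        # supplied password; the bind result decides accept or reject.
        Auth-Type LDAP {
            ldap
        }
    }
}
```

Because the inner method is PAP, the cleartext password is protected only by the TTLS tunnel, so supplicants should be configured to validate the RADIUS server certificate before sending credentials.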