Connecting freeRadius to openLDAP

Eric Bourkland eric.bourkland at trustedconcepts.com
Tue Jul 21 22:39:59 CEST 2009


I am not using AD, it is OpenLDAP that comes with Zimbra.  Zimbra is an e-mail client that uses regular ole openLdap as it's authentication and attribute store.
I have been able to get a lot of good information from your site but I haven't been able to find the key piece of information I need, or at least it hasn't jummped out at me yet.

Right now it looks like I have a few options but I don't know if any of them are viable, get OpenLDAP to store it's password as clear text, don't really like this idea but may have to.
See if there is a way to somehow get an innter tunnel to use ttls/pap to connect to the ldap server and perfrom authentication that way since it appears that PAP authentication does work.  But I don't know if there can be a change in crypt for the authentication from the client which uses MSCHAPv2/PEAP and PAP.  
and lastly is to see if I can add NT/LM tags to my ldap server.  I haven't been able to find what is the best option or how to do any of the above just yet.

I thought that what I am trying to do is pretty straight forward but it doesn't seem to be that way.  
Client connect to Access point/router and the client has to use MSCHAPv2/PEAP and then have the Access Point connect to Radius and then to my OpenLDAP for authentication.

If anyone has any other ideas I am open to suggestions.

Thanks,

----- Original Message -----
From: "Alan DeKok" <aland at deployingradius.com>
To: "FreeRadius users mailing list" <freeradius-users at lists.freeradius.org>
Sent: Tuesday, July 21, 2009 4:21:57 PM GMT -05:00 US/Canada Eastern
Subject: Re: Connecting freeRadius to openLDAP

Eric Bourkland wrote:
> below is my debug file.  The interesting thing is when I am trying to do an ldap search it doesn't list the password attribute 

  Are you using Active Directory?  If so, please understand that it is
NOT an LDAP server.

  You will need to use Samba to do authentication against AD.  See my
web page (deployingradius.com) for complete instructions.

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html



More information about the Freeradius-Users mailing list