WLAN - Freeradius - OpenLDAP - VLANs

_Stefan_H stefanh007 at networld.at
Mon Nov 9 15:30:04 CET 2009 

Thanks for answering and I hope that I will have no problems in configuring
the server .... but I think that won't happen.


nf-vale wrote:
> 
> On Monday 09 November 2009 12:25:13 José Johnny RANDRIAMAMPIONONA wrote:
>> Freeradius work well with openldap but only with cleartext password
>> (PAP).
>> Best regards!
> 
> Don't give wrong answers if you're not sure of what you're talking.
> 
>> 
>> 2009/11/9 _Stefan_H <stefanh007 at networld.at>
>> 
>> > First I know my english is not the best, but i hope you will understand
>> > it.
>> >
>> > In the course of a project i have to make an authentification against a
>> > freeradius server for the WLAN Users.
>> > On the Server(OpenSUSE11.1) is a LDAP Directory and i want that the
>> WLAN
>> > Users have to authentificate with their accounts. After the successful
>> > authentification they will be put into an other VLAN, that they can use
>> > their homedirectories.
>> >
>> > I would like to know how I should do it, because i inform me about the
>> > Authentification Types(EAP-TLS,TTLS,PEAP) and know I am totally
>> confused
>> > which i have to configure at the freeradius Server.
> 
> See http://deployingradius.com/documents/protocols/compatibility.html for 
> compatibilty issues.
> 
> 
> You can authenticate users using PEAP against LDAP just as long as the
> user's 
> entries in the LDAP DB have NT / LM password hashes. For instance, if
> using 
> OpenLDAP, you need to include the samba.schema in the supported schemas
> list 
> and then add sambaNTPassword and sambaLMPassword to each one of the user's 
> entries  in the DB.
> 
> Ex:
> 
> "
> dn: uid=xxx,ou=people,dc=local,dc=loc
> objectClass: inetOrgPerson
> objectClass: sambaSamAccount
> uidNumber: 1
> uid: xxx
> userPassword:: e01ENX1mMmhLRytkajNnSSs2aEtmL3ltSnV3PT0=
> sambaLMPassword: AB849716E6B337C43B639FCD27BDA434
> sambaNTPassword: 9574805413661ADC5E8FA7B943026723
> ...
> "
> 
> You can hash the user's password using the smbencrypt utility.
> 
>> >
>> > I think that PEAP would be the easiest, but I really don't know which
>> can
>> > be
>> > used whth a dynamic VLAN.
>> >
>> > http://old.nabble.com/file/p26230857/1.jpeg
>> >
>> > The AP is an Linksys WRT-54-GS
>> > and the Switch is an CISCO-2950
>> >
>> >
>> >
>> > --
>> > View this message in context:
>> >
>> http://old.nabble.com/WLAN----Freeradius----OpenLDAP----VLANs-tp26230857p
>> >26230857.html Sent from the FreeRadius - User mailing list archive at
>> > Nabble.com.
>> >
>> > -
>> > List info/subscribe/unsubscribe? See
>> > http://www.freeradius.org/list/users.html
>> 
> 
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
> 
> 

-- 
View this message in context: http://old.nabble.com/WLAN----Freeradius----OpenLDAP----VLANs-tp26230857p26267282.html
Sent from the FreeRadius - User mailing list archive at Nabble.com.

More information about the Freeradius-Users mailing list