FR2.1.3+LDAP+802.1x+PEAP

Caius caiuspolgar at yahoo.com
Tue Nov 10 22:40:58 CET 2009


Hi Alan,

thank you for your answer, that page/table was awesome

regarding your tips:
a) i dont wanna do, maybe if i have no other choice, ill have 2 password attributes SSHA+NTLM, but its a clear no to clear-text, and a maybe to NT hash

b)  need it, so not gonna happen 

so, as i need to proceed further with my investigation, what are my options really? :D

i was thinking at the following:
to do the normal user authentication in LDAP, based on the provided realm, and if no realm present authenticate the users in users file.
Users which use 802.1x will be saved in clear-text in users file
and users used for authentication for other stuff, will be checked in LDAP (@mydomain.com)


or can i switch this around? a user: myuser at dot1x.com will be based on the real authenticated in users file for 802.1x and a user with no realm will be authenticated in LDAP?

please tell me your opinion on this, is it possible? 

Thanks & Best Regards,
Caius Pargar




      




More information about the Freeradius-Users mailing list