FR2.1.3+LDAP+802.1x+PEAP

tnt at kalik.net
Wed Nov 11 19:53:47 CET 2009


> My problem was that in LDAP I have the passwords saved as SSHA, so I can't
> do 802.1x with EAP/PEAP/MSCHAP.
>
> As I don't wanna change my LDAP configuration to store the passwords in
> clear-text, or to use samba.scheme and to use NT hash, the only option
> remaining from my viewpoint was to try and distinguish between normal
> authentication and 802.1x authentication.
>
> That's why I came up with this realm stuff, to be able to authenticate
> 802.1x users in the users file (where I have user/passwords in clear-text)
> and normal users in LDAP (SSHA).

Ugh, how does that make sense? Why don't you want NT or clear passwords in
LDAP? Security? But it's so much easier to read a plain text (users) file
than break into LDAP.

> That's why I was asking if it's possible, and if it's functional, or maybe
> there is another solution than the one provided by Alan (to not use
> 802.1x) :D

There is only one solution if you want to use 802.1x: store passwords that
PEAP can use.


Ivan Kalik
Kalik Informatika ISP
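
Added example, not part of the original post or of FreeRADIUS: a Python sketch of why an SSHA value can verify a password the server receives directly but cannot yield the NT hash (MD4 over the UTF-16LE password) that MS-CHAPv2 inside PEAP is keyed on. The function names, the "cleartext"/"nt"/"ssha" labels and the sample password are assumptions made for illustration; the example stops at the NT hash and does not compute a full MS-CHAPv2 response.

```python
import base64, hashlib, hmac, struct

def md4(msg: bytes) -> bytes:
    """Pure-Python MD4 (RFC 1320); hashlib often lacks it on OpenSSL 3."""
    M = 0xFFFFFFFF
    rol = lambda x, n: ((x << n) | (x >> (32 - n))) & M
    order3 = (0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15)
    h = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476]
    msg += b"\x80" + b"\x00" * ((55 - len(msg)) % 64) + struct.pack("<Q", len(msg) * 8)
    for off in range(0, len(msg), 64):
        X = struct.unpack("<16I", msg[off:off + 64])
        a, b, c, d = h
        for i in range(48):
            r, j = divmod(i, 16)  # r = round (0..2), j = step within the round
            if r == 0:
                f, k, s = (b & c) | (~b & d), j, (3, 7, 11, 19)
            elif r == 1:
                f, k, s = (b & c) | (b & d) | (c & d), (j % 4) * 4 + j // 4, (3, 5, 9, 13)
            else:
                f, k, s = b ^ c ^ d, order3[j], (3, 9, 11, 15)
            t = (a + f + X[k] + (0, 0x5A827999, 0x6ED9EBA1)[r]) & M
            a, b, c, d = d, rol(t, s[j % 4]), b, c
        h = [(x + y) & M for x, y in zip(h, (a, b, c, d))]
    return struct.pack("<4I", *h)

def nt_hash(password: str) -> bytes:
    """What MS-CHAPv2 (inside PEAP) is keyed on: MD4 over UTF-16LE."""
    return md4(password.encode("utf-16-le"))

def make_ssha(password: str, salt: bytes) -> str:
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

def check_ssha(stored: str, password: str) -> bool:
    """PAP-style check: works because the server receives the password itself."""
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]
    return hmac.compare_digest(hashlib.sha1(password.encode() + salt).digest(), digest)

def nt_hash_from_stored(kind: str, value: str):
    """NT hash derivable from a stored credential, or None when it is not."""
    if kind == "cleartext":
        return nt_hash(value)
    if kind == "nt":
        return bytes.fromhex(value)
    return None  # "ssha": salted SHA-1 is one-way, MD4(UTF-16LE(pw)) is unreachable

# Constructed sample data, not taken from the thread.
SAMPLE_SSHA = make_ssha("password", b"\x01\x02\x03\x04")
```
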




More information about the Freeradius-Users mailing list