EAP + TLS + Unix passwords

John Dennis jdennis at redhat.com
Thu Nov 19 20:10:13 CET 2009


On 11/19/2009 01:43 PM, Andy Theuninck wrote:
> I'm trying to set up freeradius to handle WPA authentication on my
> network. I've managed to get the AP & radius servers talking to one
> another and the SSL certificates loaded and configured, but I can't
> figure out how to get the username & passwords checked against the
> local /etc/shadow file. Free radius version is 1.1.3, latest binary
> provided by my version of CentOS.

You can get current 2.x versions, read this:
http://wiki.freeradius.org/Red_Hat_FAQ

> The client attempting to connect is
> Mac OS X 10.4. In a perfect world, I'd like to support both OS X and
> Windows XP with names & passwords checked against /etc/shadow. I could
> probably add an openldap server to function as a go-between if that
> would make the configuration easier.
>
> Ideally, I'm looking for any pointers on what I'm doing wrong OR an
> indication that what I'm trying to pull off is impossible. Output and
> config files follow. Notably, to me at least, is that the "users" line
> noted in the eap match, 152, is "DEFAULT Auth-Type = System", but
> rlm_unix is never even attempted.

Yes, what you're trying to do is impossible. Unix/Shadow passwords are
stored using the "crypt" hash. You're trying to do 802.1x, e.g. EAP.

Knowing that, then read this:
http://deployingradius.com/documents/protocols/compatibility.html

-- 
John Dennis <jdennis at redhat.com>
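
The incompatibility described in the reply above, as an added example that is not part of the original post or of FreeRADIUS: a server holding only a salted one-way hash can verify a password sent to it in the clear, but cannot recompute an MD5 challenge-response (RFC 1994 CHAP, the scheme EAP-MD5 follows). Assumptions: PBKDF2 stands in for crypt(3), and all function names and sample values are constructed for illustration.

```python
import hashlib
import hmac


def shadow_hash(password: bytes, salt: bytes) -> bytes:
    """Stand-in for crypt(3) (assumption: PBKDF2): salted, iterated, one-way."""
    return hashlib.pbkdf2_hmac("sha256", password, salt, 5000)


def chap_response(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 response value: MD5(ID || secret || challenge)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()


def verify_cleartext(salt: bytes, digest: bytes, submitted: bytes) -> bool:
    """PAP-style check: the server receives the password and re-hashes it."""
    return hmac.compare_digest(shadow_hash(submitted, salt), digest)


def verify_challenge(server_secret: bytes, ident: int,
                     challenge: bytes, response: bytes) -> bool:
    """Challenge-response check: the server recomputes the response from
    whatever copy of the secret it has stored."""
    expected = chap_response(ident, server_secret, challenge)
    return hmac.compare_digest(expected, response)


def demo() -> dict:
    password = b"s3cret-passphrase"        # constructed sample password
    salt = b"\x01" * 16                    # constructed, fixed for repeatability
    digest = shadow_hash(password, salt)   # all that a shadow-style store keeps

    ident, challenge = 7, bytes(range(16))  # constructed challenge
    response = chap_response(ident, password, challenge)  # what the client sends

    return {
        # Cleartext reaches the server: the stored hash is sufficient.
        "cleartext_vs_shadow": verify_cleartext(salt, digest, password),
        # Only a response reaches the server: the stored hash is useless.
        "challenge_vs_shadow": verify_challenge(digest, ident, challenge, response),
        # The same response verifies only if the server keeps the password.
        "challenge_vs_cleartext": verify_challenge(password, ident, challenge, response),
    }


if __name__ == "__main__":
    for check, ok in demo().items():
        print(f"{check}: {ok}")
```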
