802.1x ->Radius ->Ldap

Kyle Plimack kplimack at videoegg.com
Fri Jun 18 02:44:45 CEST 2010


I have pap working (i.e.  I ran radtest and got an access-accept).
I don't want to configure certs on each of my hosts for each of my clients, so I'd like to use PEAP/msChapV2 so that dot1x clients are prompted for a username/password.

According to the deployingradius.com guide, once pap is working, mschapv2 should "just work".  It doesn't.

I've put the log on pastebin where it is formatted in a more friendly way
http://pastebin.com/9tSjQW1f


Kyle

On 6/17/10 8:57 AM, "Videoegg Inc" <kplimack at videoegg.com> wrote:


I'm trying to use ldap to authorize/authenticate my users into the wireless network using 802.1x.
I just created a fresh installation of freeradius 2.1.7.  We use Centos Directory Server (aka red hat dir. Srv / fedora dir.srv), not openLdap.


I've read a lot of threads and looked at the protocol / encryption compatibility chart, but I've never seen someone say, "this is the solution".  An alternative I'm considering (I don't know if it's possible), is having radius pass the authentication request to PAM.   Pam, on my radius server, is already connected to ldap, and should be able to provide the same authentication.  Is it possible, and if so how should I do it?


Attached is the output from radiusd -X, can you help me determine why authentication is failing, but authorization is passing?  Can I automatically authenticate once authorized?  Why are they two different processes?

