Wireless WPA2 enterprise Radius authentication
Sven Hartge
sven at svenhartge.de
Thu Oct 28 01:11:36 CEST 2010
Maurice James <midnightsteel at msn.com> wrote:
> How do I do it?
You need a password in the clear in your LDAP directory, not hashed. I use a
different (self defined) attribute in my LDAP directory to do this and
use ldap.attrmap to map this attribute (called gifb-NetzPassword in my
schema) to the required RADIUS-Attribute-Name:
checkItem Cleartext-Password gifb-NetzPassword
And no, there is _no_ way to use _any_ CHAP method using an encrypted or
hashed password.
> Radius to ldap works no problem
Yes, because this most definitely uses PAP as authentication method,
which works with hashed/encrypted passwords.
> Wireless to radius to ldap does not
This is because the windows wireless supplicant can only use MSCHAPv2
(or ans SSL cert) to authenticate. This is a FAQ item, I suggest you to
read the documentation on the website again.
http://wiki.freeradius.org/index.php/FAQ#PAP_authentication_works_but_CHAP_fails
Grüße,
Sven.
--
Sig lost. Core dumped.
More information about the Freeradius-Users
mailing list