Freeradius + EAP-TLS + LDAP
Alexandros Gougousoudis
gougousoudis-list at servicecenter-khs.de
Tue Apr 19 14:55:28 CEST 2011
Hi,

With my FR 1.x installation I'm authenticating computers via EAP-TLS
against my switches. Users are authenticated with PEAP; all are held in
the users text file in $RADDB/users.

But with the rising number of PCs and users, editing the users file is a
bit uncomfortable. I want to upgrade everything to FR 2.1 on my
Debian Squeeze box, using LDAP, because I already have all users and PCs
in my OpenLDAP (for the use of Samba).

I'm a bit unsure about the doc, which says no EAP-TLS while using LDAP
and no crypted passwords. If I read here, I have the impression that
this is something that some people already do.

I'd like to authenticate PCs with EAP-TLS, which are in the LDAP list by
name; there is no need to extract a cert from the LDAP tree. Just check
the name, and if the cert matches the server cert, access is
granted. As I already do now.

The users should be checked by uid and the password should be checked,
but I of course have no cleartext password in my LDAP; they are all
crypt or MD5 (depends on tree).

Is this possible or not?

TIA
Alex