Freeradius + EAP-TLS + LDAP
Alexandros Gougousoudis
gougousoudis-list at servicecenter-khs.de
Wed Apr 20 11:23:33 CEST 2011
Hi Folks,
the question makes sense, I think I did not write it understandably enough.
1. What I already do is:
1.1. Authenticating via EAP-TLS Computers/Workstations against my Switches
1.2. Users are authenticated with PEAP and Cleartext-Passwords in
$RADDB/users
2. What I want to do is:
2.1. Upgrade to 2.1
2.2. Use my LDAP to collect and control authentication of Workstations
and Users
3. What I have is:
3.1. Certs on all Computer/Workstations and an entry in $RADDB/users of
the Computername with Authentification-Type = EAP
3.2. Users in my LDAP with crypted Passwords (MD5/crypt) AND Passwords
for Samba (NT-Passwords).
3.3. All Computernames in my LDAP (because I run a Samba-NT4-Domain).
4. Question is:
4.1. Can I configure FR to look up the Computername upon a request in the
LDAP, and if it finds the entry to enter an EAP-TLS authentication, and
if not to deny access?
4.2. To authenticate all users of a specific group which are in LDAP
with their password which is stored crypted/hashed in LDAP using PEAP?
I hope it's clear enough now.
TIA
Alex