Freeradius + LDAP for WPA-Enterprise

Fri Feb 11 19:09:02 CET 2011

Hello, I'm trying to do the same thing, I know I have to use winbind and
samba to get it, but in reading the news I found this freeradius 2.1 Added "
Password-With-Header == userPassword" to raddb / ldap.attrmap This Will
automaticallyconvert more passwords

[]'s
--
Vinicius Teixeira Coelho

Registered Linux User #469313
The Ubuntu Counter Project - user number # 21463

On Fri, Feb 11, 2011 at 3:37 PM, Gary Gatten <Ggatten at waddell.com> wrote:

> I'm barely a novice with FR, so take this with a grain of salt:
>
> You forced ALL Authentication requests to use LDAP.  EAP / LDAP don't play
> well together.  Remove the "Auth Type LDAP" - for now.
>
> You almost "never" want to set the Auth-Type directly, FR figures it out
> from the request.  For testing and troubleshooting it's OK, and if you
> really know what the consequences are its OK, but generally speaking don't
> set the auth type.
>
> As for accomplishing your goal, unfortunately others will have to help you
> with that - I don't know FR/LDAP/EAP well enough.  But, I don't THINK you
> can authenticate EAP requests against LDAP directly because of the "no clear
> text password" issue.
>
> Gary
>
>
> -----Original Message-----
> From: freeradius-users-bounces+ggatten=waddell.com at lists.freeradius.org[mailto:
> freeradius-users-bounces+ggatten=waddell.com at lists.freeradius.org] On
> Behalf Of Max Schröder
> Sent: Friday, February 11, 2011 11:06 AM
> To: freeradius-users at lists.freeradius.org
> Subject: Freeradius + LDAP for WPA-Enterprise
>
> Hello to all,
>
> I would like to use Freeradius to authenticate my wireless network using
> OpenWRT and Freeradius + LDAP. What I've done:
>
> First Authenticated Users in WLan using EAP-TTLS and files in
> Freeradius. WORKED! Then I've configured ldap-Modul + added "ldap" in
> the authorize- and "Auth-Type LDAP { ldap }" in the
> authenticate-section. The test via radtest succeeded.
>
> But now the authentication using OpenWRT (EAP-TTLS) like the first try
> with files - now with ldap did not work. I do noticed the following comment
>
> # Note that this means "check plain-text password against
> # the ldap database", which means that EAP won't work,
> # as it does not supply a plain-text password.
> Auth-Type LDAP { ldap }
>
> but I don't know what to change that it worked like my first try with
> the difference the users are in LDAP instead of a file.
>
> Hope to get any hints
>
> Best regards.
> MS
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
>
>
>
>
> <font size="1">
> <div style='border:none;border-bottom:double windowtext 2.25pt;padding:0in
> 0in 1.0pt 0in'>
> </div>
> "This email is intended to be reviewed by only the intended recipient
>  and may contain information that is privileged and/or confidential.
>  If you are not the intended recipient, you are hereby notified that
>  any review, use, dissemination, disclosure or copying of this email
>  and its attachments, if any, is strictly prohibited.  If you have
>  received this email in error, please immediately notify the sender by
>  return email and delete this email from your system."
> </font>
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20110211/33e4cf5f/attachment.html>