Freeradius + LDAP for WPA-Enterprise
Vinicius Teixeira Coelho
vinicius.ti at gmail.com
Fri Feb 11 19:41:43 CET 2011
Yes, but your samba is using the ldap
[]'s
--
Vinicius Teixeira Coelho
Registered Linux User #469313
The Ubuntu Counter Project - user number # 21463
On Fri, Feb 11, 2011 at 4:35 PM, Gary Gatten <Ggatten at waddell.com> wrote:
> Yeah, but that’s SAMBA – not LDAP. (Added "Password-With-Header ==
> userPassword" to raddb / ldap.attrmap ) sounds interesting!
>
>
> ------------------------------
>
> *From:* freeradius-users-bounces+ggatten=waddell.com at lists.freeradius.org[mailto:
> freeradius-users-bounces+ggatten=waddell.com at lists.freeradius.org] *On
> Behalf Of *Vinicius Teixeira Coelho
> *Sent:* Friday, February 11, 2011 12:09 PM
>
> *To:* FreeRadius users mailing list
> *Subject:* Re: Freeradius + LDAP for WPA-Enterprise
>
>
>
> Hello, I'm trying to do the same thing, I know I have to use winbind and
> samba to get it, but in reading the news I found this freeradius 2.1 Added
> "Password-With-Header == userPassword" to raddb / ldap.attrmap This Will
> automaticallyconvert more passwords
>
>
>
> []'s
> --
> Vinicius Teixeira Coelho
>
> Registered Linux User #469313
> The Ubuntu Counter Project - user number # 21463
>
> On Fri, Feb 11, 2011 at 3:37 PM, Gary Gatten <Ggatten at waddell.com> wrote:
>
> I'm barely a novice with FR, so take this with a grain of salt:
>
> You forced ALL Authentication requests to use LDAP. EAP / LDAP don't play
> well together. Remove the "Auth Type LDAP" - for now.
>
> You almost "never" want to set the Auth-Type directly, FR figures it out
> from the request. For testing and troubleshooting it's OK, and if you
> really know what the consequences are its OK, but generally speaking don't
> set the auth type.
>
> As for accomplishing your goal, unfortunately others will have to help you
> with that - I don't know FR/LDAP/EAP well enough. But, I don't THINK you
> can authenticate EAP requests against LDAP directly because of the "no clear
> text password" issue.
>
> Gary
>
>
>
> -----Original Message-----
> From: freeradius-users-bounces+ggatten=waddell.com at lists.freeradius.org[mailto:
> freeradius-users-bounces+ggatten=waddell.com at lists.freeradius.org] On
> Behalf Of Max Schröder
> Sent: Friday, February 11, 2011 11:06 AM
> To: freeradius-users at lists.freeradius.org
> Subject: Freeradius + LDAP for WPA-Enterprise
>
> Hello to all,
>
> I would like to use Freeradius to authenticate my wireless network using
> OpenWRT and Freeradius + LDAP. What I've done:
>
> First Authenticated Users in WLan using EAP-TTLS and files in
> Freeradius. WORKED! Then I've configured ldap-Modul + added "ldap" in
> the authorize- and "Auth-Type LDAP { ldap }" in the
> authenticate-section. The test via radtest succeeded.
>
> But now the authentication using OpenWRT (EAP-TTLS) like the first try
> with files - now with ldap did not work. I do noticed the following comment
>
> # Note that this means "check plain-text password against
> # the ldap database", which means that EAP won't work,
> # as it does not supply a plain-text password.
> Auth-Type LDAP { ldap }
>
> but I don't know what to change that it worked like my first try with
> the difference the users are in LDAP instead of a file.
>
> Hope to get any hints
>
> Best regards.
> MS
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
>
>
>
> <font size="1">
> <div style='border:none;border-bottom:double windowtext 2.25pt;padding:0in
> 0in 1.0pt 0in'>
> </div>
> "This email is intended to be reviewed by only the intended recipient
> and may contain information that is privileged and/or confidential.
> If you are not the intended recipient, you are hereby notified that
> any review, use, dissemination, disclosure or copying of this email
> and its attachments, if any, is strictly prohibited. If you have
> received this email in error, please immediately notify the sender by
> return email and delete this email from your system."
> </font>
>
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
>
> "This email is intended to be reviewed by only the intended recipient
> and may contain information that is privileged and/or confidential. If you
> are not the intended recipient, you are hereby notified that any review,
> use, dissemination, disclosure or copying of this email and its attachments,
> if any, is strictly prohibited. If you have received this email in error,
> please immediately notify the sender by return email and delete this email
> from your system."
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20110211/f3aae053/attachment.html>
More information about the Freeradius-Users
mailing list