Freeradius + LDAP for WPA-Enterprise

Gary Gatten Ggatten at waddell.com
Fri Feb 11 21:39:19 CET 2011


We just started using WPA2-Enterprise.  We use SAMBA / ntlm_auth / AD.  I honestly don't know if / how you can do it using pure LDAP.  Someone else posted something about new LDAP attributes that may work, but that's way over my head.  Maybe if you use certs instead of uname/passwords it will work with pure LDAP?  Sorry I can't help much....

G


-----Original Message-----
From: freeradius-users-bounces+ggatten=waddell.com at lists.freeradius.org [mailto:freeradius-users-bounces+ggatten=waddell.com at lists.freeradius.org] On Behalf Of Max Schröder
Sent: Friday, February 11, 2011 2:31 PM
To: FreeRadius users mailing list
Subject: Re: Freeradius + LDAP for WPA-Enterprise

Gary Gatten wrote:
> You forced ALL Authentication requests to use LDAP.  EAP / LDAP don't play well together.  Remove the "Auth Type LDAP" - for now.
>   
If I remove that the radtest failed for a LDAP-User. It returns a 
rejected Message.
> As for accomplishing your goal, unfortunately others will have to help you with that - I don't know FR/LDAP/EAP well enough.  But, I don't THINK you can authenticate EAP requests against LDAP directly because of the "no clear text password" issue.
>   
How else would you authenticate a WPA(2)-Enterprise with Radius using 
LDAP-Accounts?
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html





<font size="1">
<div style='border:none;border-bottom:double windowtext 2.25pt;padding:0in 0in 1.0pt 0in'>
</div>
"This email is intended to be reviewed by only the intended recipient
 and may contain information that is privileged and/or confidential.
 If you are not the intended recipient, you are hereby notified that
 any review, use, dissemination, disclosure or copying of this email
 and its attachments, if any, is strictly prohibited.  If you have
 received this email in error, please immediately notify the sender by
 return email and delete this email from your system."
</font>





More information about the Freeradius-Users mailing list