Freeradius + LDAP for WPA-Enterprise

Gary Gatten Ggatten at waddell.com
Fri Feb 11 21:44:47 CET 2011


PS: We also use ntlm_auth for 802.1x.  All the docs I read and the comments within the various FR files say EAP and LDAP won't work - for Authentication.  Authorization should be fine.

G


-----Original Message-----
From: freeradius-users-bounces+ggatten=waddell.com at lists.freeradius.org [mailto:freeradius-users-bounces+ggatten=waddell.com at lists.freeradius.org] On Behalf Of Max Schröder
Sent: Friday, February 11, 2011 2:31 PM
To: FreeRadius users mailing list
Subject: Re: Freeradius + LDAP for WPA-Enterprise

Gary Gatten wrote:
> You forced ALL Authentication requests to use LDAP.  EAP / LDAP don't play well together.  Remove the "Auth Type LDAP" - for now.
>   
If I remove that, the radtest fails for an LDAP user. It returns a 
rejected message.
> As for accomplishing your goal, unfortunately others will have to help you with that - I don't know FR/LDAP/EAP well enough.  But, I don't THINK you can authenticate EAP requests against LDAP directly because of the "no clear text password" issue.
>   
How else would you authenticate a WPA(2)-Enterprise with Radius using 
LDAP-Accounts?