Freeradius + LDAP for WPA-Enterprise

schilling schilling2006 at gmail.com
Fri Feb 11 22:04:06 CET 2011


If you want to use LDAP as the authentication source, you need either
the plaintext password or the ntPassword hash stored in LDAP.  You can
search the list for my name; I recently got eap/peap working both
against Active Directory w/ ntlm_auth and against LDAP w/ ntPassword.
I posted my configuration on the list.  I am using peap because we
don't want to install a third-party supplicant.


Schilling

On Fri, Feb 11, 2011 at 3:44 PM, Gary Gatten <Ggatten at waddell.com> wrote:
> PS: We also use ntlm_auth for 802.1x.  All the docs I read and the comments within the various FR files say EAP and LDAP won't work - for Authentication.  Authorization should be fine.
>
> G
>
>
> -----Original Message-----
> From: freeradius-users-bounces+ggatten=waddell.com at lists.freeradius.org [mailto:freeradius-users-bounces+ggatten=waddell.com at lists.freeradius.org] On Behalf Of Max Schröder
> Sent: Friday, February 11, 2011 2:31 PM
> To: FreeRadius users mailing list
> Subject: Re: Freeradius + LDAP for WPA-Enterprise
>
> Gary Gatten wrote:
>> You forced ALL Authentication requests to use LDAP.  EAP / LDAP don't play well together.  Remove the "Auth Type LDAP" - for now.
>>
> If I remove that, the radtest fails for an LDAP user. It returns a
> rejected message.
>> As for accomplishing your goal, unfortunately others will have to help you with that - I don't know FR/LDAP/EAP well enough.  But, I don't THINK you can authenticate EAP requests against LDAP directly because of the "no clear text password" issue.
>>
> How else would you authenticate a WPA(2)-Enterprise with Radius using
> LDAP-Accounts?
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
>



