Freeradius + LDAP for WPA-Enterprise

Vinicius Teixeira Coelho vinicius.ti at gmail.com
Sat Feb 12 01:37:17 CET 2011


This is great, I will search.

Sent via iPhone

On 11/02/2011, at 19:04, schilling <schilling2006 at gmail.com> wrote:

> If you want to use LDAP as an authentication source, either you have
> the plaintext password in LDAP or the ntPassword hash stored in LDAP.  You can
> search the list for my name, I just got both EAP/PEAP against Active
> Directory w/ ntlm_auth and against LDAP w/ ntPassword recently. I
> posted my configuration on the list.  I am using PEAP because we
> don't want to install a third party supplicant.
> 
> 
> Schilling
> 
> On Fri, Feb 11, 2011 at 3:44 PM, Gary Gatten <Ggatten at waddell.com> wrote:
>> PS: We also use ntlm_auth for 802.1x.  All the docs I read and the comments within the various FR files say EAP and LDAP won't work - for Authentication.  Authorization should be fine.
>> 
>> G
>> 
>> 
>> -----Original Message-----
>> From: freeradius-users-bounces+ggatten=waddell.com at lists.freeradius.org [mailto:freeradius-users-bounces+ggatten=waddell.com at lists.freeradius.org] On Behalf Of Max Schröder
>> Sent: Friday, February 11, 2011 2:31 PM
>> To: FreeRadius users mailing list
>> Subject: Re: Freeradius + LDAP for WPA-Enterprise
>> 
>> Gary Gatten wrote:
>>> You forced ALL Authentication requests to use LDAP.  EAP / LDAP don't play well together.  Remove the "Auth Type LDAP" - for now.
>>> 
>> If I remove that, the radtest failed for an LDAP-User. It returns a
>> rejected message.
>>> As for accomplishing your goal, unfortunately others will have to help you with that - I don't know FR/LDAP/EAP well enough.  But, I don't THINK you can authenticate EAP requests against LDAP directly because of the "no clear text password" issue.
>>> 
>> How else would you authenticate a WPA(2)-Enterprise with Radius using
>> LDAP-Accounts?
>> -
>> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html




More information about the Freeradius-Users mailing list
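
The constraint discussed in the thread (PEAP/MSCHAPv2 needs either a plaintext password or an ntPassword hash in LDAP) can be checked against a directory export before rollout. The following is an added example, not code from the thread or from FreeRADIUS; the `userPassword` attribute, the `{SCHEME}` prefix handling and the sample entries are assumptions made for illustration.

```python
import re

NT_HASH_RE = re.compile(r"^[0-9A-Fa-f]{32}$")      # MD4 digest as 32 hex digits
SCHEME_RE = re.compile(r"^\{([A-Za-z0-9_-]+)\}")   # e.g. {SSHA}, {CRYPT}
CLEAR_SCHEMES = {"CLEAR", "CLEARTEXT"}             # assumed cleartext prefixes


def peap_credential(entry):
    """Return 'nt-hash' or 'cleartext' if the entry can serve
    PEAP/MSCHAPv2, or None if only a one-way hash is stored."""
    if NT_HASH_RE.match(entry.get("ntPassword", "")):
        return "nt-hash"
    pw = entry.get("userPassword", "")
    if not pw:
        return None
    scheme = SCHEME_RE.match(pw)
    # Assumption: a value without a {SCHEME} prefix is stored in cleartext.
    if scheme is None or scheme.group(1).upper() in CLEAR_SCHEMES:
        return "cleartext"
    # One-way hash ({SSHA}, {CRYPT}, ...): usable for PAP or an LDAP bind,
    # but it cannot be turned into the NT hash that MSCHAPv2 needs.
    return None


def audit(entries):
    """Map each uid to its usable credential type (or None)."""
    return {e["uid"]: peap_credential(e) for e in entries}


# Constructed sample entries, not real directory data.
SAMPLE_ENTRIES = [
    {"uid": "alice", "userPassword": "{SSHA}Y29uc3RydWN0ZWQtc2FtcGxlLXZhbHVl"},
    {"uid": "bob", "userPassword": "{SSHA}Y29uc3RydWN0ZWQtc2FtcGxlLXZhbHVl",
     "ntPassword": "0123456789ABCDEF0123456789ABCDEF"},
    {"uid": "carol", "userPassword": "{CLEARTEXT}constructed-pw"},
    {"uid": "dave", "userPassword": "constructed-pw"},
    {"uid": "erin", "ntPassword": "not-a-hash"},
]

if __name__ == "__main__":
    for uid, cred in audit(SAMPLE_ENTRIES).items():
        print(f"{uid:6} {'PEAP ok via ' + cred if cred else 'PEAP will fail'}")
```

Accounts reported as failing hold only a one-way hash, which is why they pass a PAP `radtest` yet are rejected when a WPA-Enterprise client connects with PEAP.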