pam_ldap and 802.1x environment
Phil Mayers
p.mayers at imperial.ac.uk
Tue Jan 3 10:19:18 CET 2012
On 01/02/2012 11:45 PM, Thorsten Scherf wrote:
> Hey,
>
> this is a comprehension question. When I have an LDAP directory to
> authenticate users with pam_ldap when they login to their local
> workstations, how can I secure network access with radius?! I mean,
> isn't that a chicken egg problem? How would I be able to talk to the
> ldap server before I successfully authenticated against Radius? For sure
> I do miss something, would be great if somebody could enlighten me. :)

If you want to use the login credentials to speak 802.1x, it can't be
done currently, as far as I know; you would need some kind of PAM module
that spoke to the system 802.1x supplicant. As far as I'm aware, there
is no such module.

This can be done under Windows.

Alternatively, you could just use a "machine-specific" account to
perform 802.1x. This can be done today with NetworkManager and a
"system" connection profile. This eliminates the chicken/egg issue.

Anyway, this is not a FreeRADIUS question - you should ask around the
PAM lists, or maybe ask the Gnome/NetworkManager guys.
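
Added illustration, not part of the original post: a NetworkManager keyfile for a system-wide wired 802.1x profile that authenticates with a machine-specific account at boot, so the port is open before pam_ldap needs the directory. The file name, account name, secret, CA path and RADIUS server name are placeholders, and PEAP/MSCHAPv2 is an assumed EAP method.

```ini
# /etc/NetworkManager/system-connections/wired-8021x.nmconnection (hypothetical name)
# The file must be owned by root with mode 0600; the keyfile plugin
# refuses to load profiles that other users can read.

[connection]
id=wired-8021x
type=ethernet
autoconnect=true
# Empty permissions: the profile belongs to the system, not to one user,
# and can be activated before anyone has logged in.
permissions=

[802-1x]
# Assumed method; match whatever the RADIUS server is configured to accept.
eap=peap;
phase2-auth=mschapv2
# Placeholder machine account, distinct from any user's LDAP credentials.
identity=host-ws01.example.org
password=REPLACE_WITH_MACHINE_SECRET
# 0 = secret is stored in this file, so no user secret agent is needed at boot.
password-flags=0
# Pin the CA and the server name so the supplicant does not hand the
# machine credential to an unauthenticated RADIUS server.
ca-cert=/etc/pki/tls/certs/example-radius-ca.pem
# Requires a NetworkManager version that supports this key.
domain-suffix-match=radius.example.org

[ipv4]
method=auto
```

Because the secret sits on disk, scope the machine account on the RADIUS side to network access only, so a copied profile does not yield a usable directory login.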