AP->FR->LDAP authentication
Fajar A. Nugraha
list at fajar.net
Sat Mar 17 09:07:35 CET 2012
On Sat, Mar 17, 2012 at 11:54 AM, Julie Chen <chenj at ssc.ucla.edu> wrote:
>
> Yes, I understand that. But I'm having a little problem figuring out the right
> configuration. Would someone please advise on the configuration file?
I'd start with reading this: http://wiki.freeradius.org/Protocol%20Compatibility
(or the original page on deployingradius.com). Since you have a crypt
password, you can only use PAP, EAP-GTC, or TTLS-PAP.
>
> [pap] WARNING: Auth-Type already set. Not setting to PAP
> ++[pap] returns noop
> Found Auth-Type = MSCHAP
The client chooses what authentication method to use. You need to tell
the client NOT to use EAP-PEAP-MSCHAPv2 (which is the default one that
a Windows client would use), and use TTLS-PAP or EAP-GTC instead.
The bad news is that neither of those two is natively supported by
Windows <=7. You need to either:
- get a third-party supplicant (e.g. the Windows version of
wpa-supplicant, xsupplicant, or securew2), OR
- use another method to store your users' credentials, either storing
the password in plain text or NT-HASH, or use AD.
> # Executing group from file /etc/raddb/sites-enabled/inner-tunnel
>
> I'm using the default inner-tunnel, just added ldap at the authorize.
That's the correct way to configure the server. No need to change that.
--
Fajar
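
Added example, not part of the original message: a wpa_supplicant network block for the TTLS-PAP option mentioned above, the combination that lets the server check the password against a crypt hash. The SSID, identities, password, CA path and server name are placeholders (assumptions); because PAP carries the password in clear inside the tunnel, the block pins the RADIUS server's CA and name.

```conf
# Added example: every value below is a placeholder, not taken from the thread.
network={
    ssid="example-ssid"
    key_mgmt=WPA-EAP

    # Outer method: EAP-TTLS sets up a TLS tunnel to the RADIUS server.
    eap=TTLS
    # Inner method: PAP. The server receives the cleartext password inside
    # the tunnel and can compare it with the crypt hash stored in LDAP.
    phase2="auth=PAP"

    # Outer identity is visible outside the tunnel; keep the real user name
    # in the inner identity only.
    anonymous_identity="anonymous"
    identity="jdoe"
    password="REPLACE_ME"

    # Validate the server before the password is sent. Without these two
    # checks, any access point presenting any certificate would receive it.
    ca_cert="/etc/ssl/certs/example-radius-ca.pem"
    domain_suffix_match="radius.example.org"
}
```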