AP->FR->LDAP authentication
Alan Buxey
A.L.M.Buxey at lboro.ac.uk
Sat Mar 17 13:07:27 CET 2012
Hi,
> I'm new to FreeRadius and trying to setup the server to authenticate using
> LDAP. I'm having some problem and hope to get some help from the list.
if your clients are doing EAP-TTLS/PAP then this will work - the PAP
module can deal the requirements.
if, as i suspect, you are using PEAP (PEAPv0/MSCHAPv2) then you cannot use
{crypt} from the LDAP - you will either have to expose the passwords as cleartext
in LDAP or use NT HASH instead (i'd personally go for the latter).
what is your backend system - AD? as you might be going about it the wrong
way...if its AD, then bind the FR server into your AD (following the plenty
of examples eg www.deployingradius.com ) - and use ntlm_auth in the mschap
module to do the authentication - you can still use LDAP for finding what group
people belong to for eg VLAN override...
alan
More information about the Freeradius-Users
mailing list