Radius and Ldap Authentication problem
Arran Cudbard-Bell
a.cudbardb at freeradius.org
Thu Jan 16 12:58:15 CET 2014
On 16 Jan 2014, at 11:24, 亚坤 李 <liyakun127 at hotmail.com> wrote:
> Hello all,
>
> I set a radius server for wifi authentication, I can log in wifi by username and password in radius server user file using mobile phone.
> Then, I need to use ldap server as the backend database for user authentication, I can use radtest on radius to connect with ldap server
> successfully. However I can not log in to wifi by the username and password stored in ldap server.
>
> As mschapv2 is not supported by ldap, so I use ttls as the default peap method. The ldap server will only give me the information about accept
> or reject, but it would not reply me with a password. If possible, can anyone tell me the authentication process between ldap server and radius server.
>
> All of the above are the problem what I encountered by now, can anyone help with this, this problem really drive crazy, Thanks.
If you're using TTLS-PAP then you can use LDAP as an authentication module. It will use the plaintext password sent in the TLS tunnel to bind against the LDAP directory.
If you're using OpenLDAP, or eDirectory or another LDAP server which supports retrieving credentials in the clear (i.e. not Active Directory) and actually have the passwords stored in cleartext (instead of a hash), they can be retrieved by binding as an LDAP user with sufficient privileges.
Arran Cudbard-Bell <a.cudbardb at freeradius.org>
FreeRADIUS Development Team
FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 881 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20140116/67f42afe/attachment.pgp>
More information about the Freeradius-Users
mailing list