FreeRADIUS using OpenLDAP Security

John McCarthy midactsmystery at gmail.com
Fri Jul 18 18:00:27 CEST 2014


Hey Guys,

I am running FreeRADIUS 3.0.3, OpenLDAP version 2.4.39. Both my OpenLDAP
and FreeRADIUS servers are using start_tls. I have configured the
FreeRADIUS server to use LDAP and have verified that everything is working
using `radiusd -XXX` and then `radtest username password localhost 18120
testing123`.

So here is my setup. I have a Ubiquiti Unifi Access Point that I am using
WPA-Enterprise on. I have the Unifi AP pointing to the FreeRADIUS server
and using the correct secret. And on my FreeRADIUS server, I have the Unifi
AP set up as a client with the same secret.

When I connect to my Unifi AP from a wireless device, I select EAP-TTLS and
PAP.

So here is my question: is this setup the norm? Is this secure enough?
Would you use a setup like this in a production environment?

I just want to make sure I'm not forgetting some loophole or something. I am
also wanting to make sure traffic from the FreeRADIUS server to the LDAP
server cannot be "sniffed" and traffic from the FreeRADIUS server to the
Unifi AP can't be "sniffed". I've checked places like this post:
http://freeradius.1045715.n5.nabble.com/How-secure-is-the-radius-encryption-td5615830.html

And it looks to me like my setup is set up correctly for what I am looking
for.