How to make EAP-TTLS work with LDAP?

anindya.mukherjee at anindya.mukherjee at
Thu Sep 25 18:29:04 CEST 2014


I am a new user of FreeRADIUS and my goal is to set up a FreeRADIUS server for wifi access control, which can look up users from an OpenLDAP database. I have set the default EAP type as TTLS with additional LDAP configurations, as well as added the RADIUS schema to OpenLDAP and have created the necessary attributes for the user entries. I am using eapol_test to test the server and so far have managed to do basic PAP authentication and EAP-TTLS(MD5) against the local users file. My problem is, the inner tunnel EAP only works with LDAP password hashes when the inner EAP is set as MSCHAPV2, otherwise MD5 throws the error "rlm_eap_md5: Cleartext-Password is required for EAP-MD5 authentication". So to make TTLS-EAP work with LDAP, I have to use MSCHAPV2, and to make MSCHAPV2 work, I have to keep the sambaNTPassword attribute in the LDAP database. And every time a user changes their password, both the sambaNTPassword and userPassword attributes have to be changed. Is there a way to make the inner tunnel work with the LDAP userPassword attribute? I'm sorry if I sound stupid, but I really need to know what I'm doing wrong.

Thanks in Advance

Anindya Mukherjee
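
The error quoted in the message above, shown as an added example (not part of the original post and not FreeRADIUS code): a CHAP-style EAP-MD5 response can only be recomputed from the cleartext password, while a password delivered inside the tunnel (as PAP does) can be checked against a salted `{SSHA}` userPassword value. The function names, sample password, salt and challenge are constructed for illustration.

```python
import base64
import hashlib
import hmac

def make_ssha(password: bytes, salt: bytes) -> str:
    """Build an OpenLDAP-style {SSHA} value: base64(SHA1(password+salt) + salt)."""
    digest = hashlib.sha1(password + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

def verify_password_against_ssha(submitted: bytes, stored: str) -> bool:
    """Tunnelled PAP case: the server receives the password itself, so it can
    re-hash it with the stored salt and compare in constant time."""
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]   # SHA-1 digest is 20 bytes, rest is salt
    return hmac.compare_digest(hashlib.sha1(submitted + salt).digest(), digest)

def eap_md5_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """EAP-MD5 / CHAP (RFC 1994): MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()

def server_check_eap_md5(stored_secret: bytes, identifier: int,
                         challenge: bytes, response: bytes) -> bool:
    """The server must recompute the response from whatever it has stored."""
    expected = eap_md5_response(identifier, stored_secret, challenge)
    return hmac.compare_digest(expected, response)

def demo() -> dict:
    password = b"correct horse"               # constructed sample password
    salt = bytes.fromhex("0011223344556677")  # constructed fixed salt
    stored = make_ssha(password, salt)        # what LDAP userPassword would hold
    ident, challenge = 7, bytes(range(16))    # constructed EAP id and challenge
    response = eap_md5_response(ident, password, challenge)  # client side
    return {
        # Password sent through the tunnel: checkable against the salted hash.
        "pap_vs_ssha": verify_password_against_ssha(password, stored),
        "pap_wrong_password": verify_password_against_ssha(b"wrong", stored),
        # EAP-MD5: verifiable only when the server holds the cleartext.
        "eap_md5_vs_cleartext": server_check_eap_md5(password, ident, challenge, response),
        "eap_md5_vs_ssha": server_check_eap_md5(stored.encode(), ident, challenge, response),
    }

if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```
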
