moving from WPA2 to WPA2 Enterprise

Jochen Demmer jochen.demmer at peakwork.com
Thu Jun 25 13:31:50 CEST 2015


Does someone maybe have a good howto for my scenario? Freeradius 3 + 
OpenLDAP with MSCHAPv2 and NTLM based passwords, which are by the way 
stored in an attribute called sambaNTPassword.
I keep trying to set up Radius 3 but it keeps saying:

Thu Jun 25 13:06:19 2015 : Info: rlm_ldap (ldap): 0 of 8 connections in use.  Need more spares
Thu Jun 25 13:06:19 2015 : Info: rlm_ldap (ldap): Opening additional connection (8)

I've just configured the ldap module and also activated it. Also I have 
added a client so far.

Do I have to install this radius schema into my LDAP backend if I'm 
going with the LDAP connection?
I thought ideally the user is checked and additionally if he belongs to 
some group to have access control.

Thank you


On 23.06.2015 at 23:35, A.L.M.Buxey at lboro.ac.uk wrote:
> Hi,
>
>> So EAP-TTLS windows 7 doesn't support out of the box, right?
> correct. Windows 8 and above...
>
>> What other options are there? My feeling the second best option is to use client certificates. But would I still be able to use openldap in the background?
> yes....if the client certs have identifiable attributes in them that can be checked against
> your LDAP - eg username is embedded in the CommonName..or use one of the other cert fields for
> options in your LDAP etc
>
>> What about revocation lists? How do I take care of them?
> CRL or OCSP - I'd go down the OCSP route myself...
>
>> Maybe there's another way. Our ldap also stores ntlm passwords for samba.
> in that case, use that attribute for the authentication....once the FreeRADIUS server
> has read that, then you can use EAP-PEAP/MSCHAPv2 and your life will be simpler
>
> alan

-- 

*Jochen Demmer*
Network Administrator
T: +49-(0)241-4131146-29
jochen.demmer at peakwork.com

peakwork AG | Sonnenweg 15 a | D-52070 Aachen | T: +49-(0)241-4131146-29 
| F: +49-(0)241-4131146-17

peakwork AG (Headquarter) | Flinger Str. 36 | D-40213 Düsseldorf | T: 
+49-(0)211-91368-500 | F: +49-(0)211-91368-509

Executive board: Ralf Usbeck (chairman) | Markus Pfau | Michael Schmidt 
| Dr. Thomas van Kaldenkerken
Chairman of the supervisory board: Markus Voelkel
Company register: Amtsgericht Düsseldorf HRB 71223 | VAT ID.: DE264960677

www.peakwork.com | www.peakwork.de
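
The setup discussed in this thread (FreeRADIUS 3 reading `sambaNTPassword` from OpenLDAP for EAP-PEAP/MSCHAPv2, plus a group check) as an added configuration sketch; it is not part of the original messages or of the project's shipped defaults. The host name, DNs, CA path, bind password and the group name `wifi-users` are assumed placeholders.

```conf
# mods-available/ldap (FreeRADIUS 3) -- constructed example, all values are placeholders
ldap {
    server   = 'ldap.example.org'
    identity = 'cn=radius,ou=services,dc=example,dc=org'   # must be allowed to read sambaNTPassword
    password = 'CHANGE-ME'
    base_dn  = 'dc=example,dc=org'

    # The NT hash is password-equivalent for MSCHAPv2, so protect the LDAP link
    # and restrict the attribute to this bind DN with an LDAP ACL.
    tls {
        start_tls    = yes
        ca_file      = /etc/ssl/certs/example-ca.pem
        require_cert = 'demand'
    }

    # Copy the Samba NT hash into the control list so the mschap module can use it.
    # This reads an attribute of the Samba schema; it does not depend on the RADIUS schema.
    update {
        control:NT-Password := 'sambaNTPassword'
    }

    user {
        base_dn = "${..base_dn}"
        filter  = "(uid=%{%{Stripped-User-Name}:-%{User-Name}})"
    }

    group {
        base_dn           = "${..base_dn}"
        filter            = '(objectClass=posixGroup)'
        name_attribute    = cn
        membership_filter = "(memberUid=%{%{Stripped-User-Name}:-%{User-Name}})"
    }
}

# sites-available/inner-tunnel (fragment: the PEAP inner session)
authorize {
    mschap
    ldap
    # Group-based access control: reject users outside the assumed group.
    if (!(LDAP-Group == "wifi-users")) {
        reject
    }
    eap
}

authenticate {
    Auth-Type MS-CHAP {
        mschap
    }
    eap
}
```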


