moving from WPA2 to WPA2 Enterprise
Jochen Demmer
jochen.demmer at peakwork.com
Thu Jun 25 13:31:50 CEST 2015
Does someone maybe have a good howto for my scenario? Freeradius 3 +
OpenLDAP with MSCHAPv2 and NTLM based passwords, which are by the way
stored in an attibute called sambaNTPassword.
I keep trying to setup Radius 3 but it keeps saying:
Thu Jun 25 13:06:19 2015 : Info: rlm_ldap (ldap): 0 of 8 connections in
use. Need more spares
Thu Jun 25 13:06:19 2015 : Info: rlm_ldap (ldap): Opening additional
connection (8)
I've just configured the ldap module and also activated it. Also I have
added a client so far.
Do I have to install this radius schema into my LDAP backend if I'm
going with the LDAP connection?
I thought ideally the user is checked and additionally if he belongs to
some group to have access control.
Thank you
Am 23.06.2015 um 23:35 schrieb A.L.M.Buxey at lboro.ac.uk:
> Hi,
>
>> So EAP-TTLS windows 7 doesn't support out of the box, right?
> correct. Windows 8 and above...
>
>> What other options are there? My feeling the second best option is to use client certificates. But would I still be able to use openldap in the background?
> yes....if the client certs have identifiable attributes in them that can be checked against
> your LDAP - eg username is embedded in the CommonName..or use one of the other cert fields for
> options in your LDAP etc
>
>> What about revocation lists? How do I take care of them?
> CRL or OSCP - I'd go down the OSCP route myself...
>
>> Maybe there's another way. Our ldap also stores ntlm passwords for samba.
> in that case, use that attribute for the authentication....once the FreeRADIUS server
> has read that, then you can use EAP-PEAP/MSCHAPv2 and your life will be simpler
>
> alan
--
Peakwork Signature
*Jochen Demmer*
Network Administrator
T: +49-(0)241-4131146-29
jochen.demmer at peakwork.com
peakwork AG | Sonnenweg 15 a | D-52070 Aachen | T: +49-(0)241-4131146-29
| F: +49-(0)241-4131146-17
peakwork AG (Headquarter) | Flinger Str. 36 | D-40213 Düsseldorf | T:
+49-(0)211-91368-500 | F: +49-(0)211-91368-509
Executive board: Ralf Usbeck (chairman) | Markus Pfau | Michael Schmidt
| Dr. Thomas van Kaldenkerken
Chairman of the supervisory board: Markus Voelkel
Company register: Amtsgericht Düsseldorf HRB 71223 | VAT ID.: DE264960677
Peakwork Logo
www.peakwork.com | www.peakwork.de
More information about the Freeradius-Users
mailing list