moving from WPA2 to WPA2 Enterprise

Alan DeKok aland at deployingradius.com
Thu Jun 25 15:05:59 CEST 2015


On Jun 25, 2015, at 7:31 AM, Jochen Demmer <jochen.demmer at peakwork.com> wrote:
> Does someone maybe have a good howto for my scenario? Freeradius 3 + OpenLDAP with MSCHAPv2 and NTLM based passwords, which are by the way stored in an attribute called sambaNTPassword.

  That should work.  Take the default configuration.  Enable the LDAP module.  Configure the LDAP module to talk to OpenLDAP.  MS-CHAP will work.

> I keep trying to set up Radius 3 but it keeps saying:
> 
> Thu Jun 25 13:06:19 2015 : Info: rlm_ldap (ldap): 0 of 8 connections in use.  Need more spares
> Thu Jun 25 13:06:19 2015 : Info: rlm_ldap (ldap): Opening additional connection (8)

  It says rather a lot more than that.  The point of the debug log is to read *all* of it.

> I've just configured the ldap module and also activated it. Also I have added a client so far.

  Then post the full debug log.  If authentication fails, the debug log will say why.

> Do I have to install this radius schema into my LDAP backend if I'm going with the LDAP connection?

  No.

> I thought ideally the user is checked and additionally if he belongs to some group to have access control.

  That's easy.  Read http://wiki.freeradius.org/modules/Rlm_ldap

  Look for "group".

  Alan DeKok.
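
The steps described in the reply above, sketched as a FreeRADIUS 3 configuration fragment. This is an added example, not part of the original message or the project's shipped configuration; the hostname, DNs, CA path, bind password and the group name `wifi-users` are placeholders, and placing `ldap` in the inner-tunnel site assumes PEAP/MS-CHAPv2 as used for WPA2 Enterprise.

```conf
# mods-enabled/ldap  (symlink to ../mods-available/ldap)
# All hostnames, DNs, paths and names below are placeholders.
ldap {
    server   = 'ldap.example.org'
    identity = 'cn=radius,dc=example,dc=org'
    password = 'CHANGE_ME'
    base_dn  = 'dc=example,dc=org'

    # sambaNTPassword holds an NT hash, which is password-equivalent for
    # MS-CHAPv2. Encrypt the LDAP connection and limit read access to the
    # attribute to this bind DN with an ACL on the OpenLDAP side.
    tls {
        start_tls    = yes
        ca_file      = '/etc/ssl/certs/example-ca.pem'
        require_cert = 'demand'
    }

    # Map the LDAP attribute to the control item the mschap module reads.
    update {
        control:NT-Password := 'sambaNTPassword'
    }

    user {
        base_dn = "${..base_dn}"
        filter  = "(uid=%{%{Stripped-User-Name}:-%{User-Name}})"
    }

    # Group lookup used by the LDAP-Group check below.
    group {
        base_dn           = "${..base_dn}"
        filter            = '(objectClass=posixGroup)'
        name_attribute    = cn
        membership_filter = "(memberUid=%{%{Stripped-User-Name}:-%{User-Name}})"
    }
}

# sites-enabled/inner-tunnel: lines to place inside the existing
# authorize { } section, before the EAP/MS-CHAP modules run.
ldap
if (!(LDAP-Group == "wifi-users")) {
    reject
}
```

Running the server in debug mode (`radiusd -X`) and reading the whole output shows whether the bind, the user search, the `NT-Password` mapping and the group check each succeeded.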



