Freeradius 3.x with LDAP authentication

Mohd Akhbar mymohaja at gmail.com
Tue Aug 15 03:53:11 CEST 2017


I think AD (or SMB) and FR are much easier to set up as there are lots of
guides/references on the net compared to LDAP. AD also provides features for
NAC if your environment is mostly Microsoft OSes and such. Or so I was
made to believe...

If you're going for LDAP + FR, from my previous task, you have to
look at/tweak/change eap.conf & modules/ldap and test before looking any
further into editing other confs. As most LDAP settings use hashes instead of
plain-text, only EAP-TTLS + PAP (works for me with FR 2.2 + 389 Directory)
and EAP-GTC would work according to Alan's blog
<http://deployingradius.com/documents/protocols/compatibility.html>.
Whatever it is, radiusd -X is your best friend in debugging/troubleshooting
your setup.

One more thing, if you're using EAP-TTLS, you'll have to deploy a
configuration profile for iPhone & Macs via Apple Configurator as it is not
supported by default like Windows 10 and Androids.

Cheers from a week old FR newbie. :)




On Tue, Aug 15, 2017 at 5:56 AM, Matthew Newton <
matthew at newtoncomputing.co.uk> wrote:

>
>
> On 14 August 2017 22:51:27 BST, Alan Buxey <alan.buxey at gmail.com> wrote:
> >+1 for Matthew's answer, use the winbind module for the authentication
>
> One day maybe I'll fix that... as I also can't remember my own code.
>
> It's the winbind module for pap, which you don't want. Use the winbind
> option of the mschap module. Or the traditional ntlm_auth way.
>
> --
> Matthew
>
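
Added example, not part of the original post: a sketch of why a directory that stores only hashed passwords limits you to methods that hand the server the cleartext (PAP inside EAP-TTLS, EAP-GTC). It assumes the {SSHA} scheme and uses CHAP as a stand-in for challenge-response methods; the password, salt and challenge are constructed sample values.

```python
import base64
import hashlib
import hmac

def make_ssha(password: bytes, salt: bytes) -> str:
    """Build an LDAP userPassword value in the {SSHA} scheme (salted SHA-1)."""
    digest = hashlib.sha1(password + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

def verify_pap(cleartext: bytes, stored: str) -> bool:
    """PAP delivers the cleartext, so the server can re-hash it and compare."""
    if not stored.startswith("{SSHA}"):
        raise ValueError("only {SSHA} is handled in this example")
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]          # SHA-1 digest is 20 bytes
    return hmac.compare_digest(hashlib.sha1(cleartext + salt).digest(), digest)

def chap_response(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """CHAP (RFC 1994): MD5(id || secret || challenge), secret = cleartext."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()

def verify_chap(ident: int, challenge: bytes, response: bytes,
                known_secret: bytes) -> bool:
    """The server must recompute the response from whatever secret it holds."""
    expected = chap_response(ident, known_secret, challenge)
    return hmac.compare_digest(expected, response)

def demo() -> dict:
    password = b"correct horse"                          # constructed sample
    stored = make_ssha(password, b"\x01\x02\x03\x04")    # what LDAP would hold
    ident, challenge = 7, bytes(range(16))               # constructed sample
    client_resp = chap_response(ident, password, challenge)
    return {
        # Cleartext arrives over PAP: the hash can be checked.
        "pap_ok": verify_pap(password, stored),
        "pap_wrong": verify_pap(b"wrong", stored),
        # Challenge-response only verifies if the server knows the cleartext.
        "chap_with_cleartext": verify_chap(ident, challenge, client_resp, password),
        # With only the salted hash on file, the response cannot be reproduced.
        "chap_with_hash_only": verify_chap(ident, challenge, client_resp,
                                           stored.encode()),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```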

