freeradius 3 + OPENLDAP

Marcos Renato da Silva Junior marcos.silva at unesp.br
Wed Nov 14 18:34:34 CET 2018


If you are doing a fresh installation maybe you can try something like a 
combination of openldap with smbldap-tools generating ssha and nt hash 
passwords. do not forget to uncomment in the 
/etc/freeradius/3.0/mods-available/ldap file:                 control: 
NT-Password: = 'sambaNTPassword'                 control: LM-Password: = 
'sambaLMPassword'

Em 14/11/2018 14:37, Eyal Zarchi escreveu:
> Do i need to use mschap for windows connection to wifi via freeradius and
> openldap?
> Cant i force the use of regular ldap connection just like the radtest?
>
> Its either modify the ldap server or uae the user file?
>
> On Wed, Nov 14, 2018, 18:29 Adam Bishop <Adam.Bishop at jisc.ac.uk wrote:
>
>> On 14 Nov 2018, at 16:21, Eyal Zarchi <eyalz at qwilt.com> wrote:
>>> But as soon as I add the MSCHAP option (although I have no windows
>> domain),
>>
>> You can't use mschap with sha passwords. See the compatibility table:
>>
>>    http://deployingradius.com/documents/protocols/compatibility.html
>>
>> If you want to use mschap, you need to make sure you add nt hashes to your
>> ldap directory, or store plain passwords.
>>
>> Adam Bishop
>>
>>    gpg: E75B 1F92 6407 DFDF 9F1C  BF10 C993 2504 6609 D460
>>
>> jisc.ac.uk
>>
>> Jisc is a registered charity (number 1149740) and a company limited by
>> guarantee which is registered in England under Company No. 5747339, VAT No.
>> GB 197 0632 86. Jisc’s registered office is: One Castlepark, Tower Hill,
>> Bristol, BS2 0JA. T 0203 697 5800.
>>
>> Jisc Services Limited is a wholly owned Jisc subsidiary and a company
>> limited by guarantee which is registered in England under company number
>> 2881024, VAT number GB 197 0632 86. The registered office is: One Castle
>> Park, Tower Hill, Bristol BS2 0JA. T 0203 697 5800.
>>
>>
>> -
>> List info/subscribe/unsubscribe? See
>> http://www.freeradius.org/list/users.html
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

-- 
Marcos Renato da Silva Junior
Universidade Estadual Paulista - Unesp
Faculdade de Engenharia de Ilha Solteira - FEIS
Departamento de Engenharia Elétrica - DEE
15385-000 - Ilha Solteira/SP
(18) 3743-1164



More information about the Freeradius-Users mailing list