WPA2 Client Authentication using Radius and remote LDAP server

daada muyiwa daada.muyiwa at yahoo.com
Wed Sep 19 11:04:24 CEST 2018


> Is it an actual LDAP server?  Or is it Active Directory?

"Active Directory"

>Allow FreeRADIUS to read the "known good" password from LDAP, and it will Just Work.

How do I make Freeradius decrypt the EAP request and query the AD with the clear text password in order to authenticate a user?

Muyiwa

On Tuesday, September 18, 2018, 4:13:12 PM GMT+1, Alan DeKok <aland at deployingradius.com> wrote:
 
 On Sep 18, 2018, at 10:58 AM, daada muyiwa via Freeradius-Users <freeradius-users at lists.freeradius.org> wrote:
> 
> I have been trying to set up Freeradius to remotely query an LDAP server when it gets authentication requests from a Wireless LAN Controller.

  Is it an actual LDAP server?  Or is it Active Directory?

> I have been able to test that the Freeradius Server can communicate with the LDAP Server by using a Radtest tool (I get the access-accept reply) but when I try to query the remote LDAP server with requests from the Wireless LAN controller I get the following response:
> [ldap] No default NMAS login sequence
> [ldap] looking for check items in directory...
> [ldap] looking for reply items in directory ...
> WARNING: No ''known good'' password was found in LDAP. Are you sure that the user has been configured properly?

  Yes... you should read the debug output to see what else is going on.

> Not sure if it's the EAP section of the request that has issues.

  The LDAP server is configured to not return the "known good" password to FreeRADIUS.  And, you've configured FreeRADIUS to use "ldap" for authentication.

  Don't do that.  LDAP is a database.  It doesn't implement EAP.  FreeRADIUS is an authentication server.  It implements EAP.

  Allow FreeRADIUS to read the "known good" password from LDAP, and it will Just Work.

  Alan DeKok.


