EAP-GTC w/ "PAP-like" LDAP authentication

Alan DeKok aland at deployingradius.com
Sun Jan 27 20:17:58 CET 2019


On Jan 27, 2019, at 12:43 PM, Ian Pilcher <arequipeno at gmail.com> wrote:
> 
> I am struggling to find documentation of how to set up $SUBJECT.
> 
> I've got FreeRADIUS working with both PEAP/MSCHAPv2 and (P)EAP-GTC using
> a file-based test user, but the number of different protocols and
> configurations supported and documented in the config files means that I
> haven't been able to figure out how to achieve what I want.

  (a) Make sure PEAP works with certificates.

  (b) Configure and enable LDAP.  See mods-available/ldap

  Once the LDAP module is available, the server will automatically use it.

  And, the server will automatically grab passwords from LDAP.  And, the server will automatically use those passwords to do EAP-GTC.

  It really is that easy.  The key thing is to *let the server do the work*.  Don't try to "force" a particular kind of authentication.  EAP doesn't work that way.

  If you're using Active Directory, it's harder.  Because Active Directory isn't a real LDAP server.

  It also helps to describe what you've done, what happened, and why you think it's wrong.  Otherwise, we're limited to:

Q: I tried stuff and it doesn't work.  What do I do?
A: Try different stuff

  Which isn't helpful to anyone.  Better questions mean better answers.

  Alan DeKok.
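
Added example, not part of the original message or the FreeRADIUS project's own files: a minimal sketch of step (b), assuming a FreeRADIUS 3.x configuration layout and a directory that stores a `userPassword` attribute. The host name, DNs, CA path and bind password are constructed placeholders.

```conf
# mods-available/ldap
# Enable it with a symlink from the configuration directory:
#   ln -s ../mods-available/ldap mods-enabled/ldap
ldap {
	# Constructed directory host and read-only service account.
	server   = 'ldap.example.org'
	identity = 'cn=radius,dc=example,dc=org'
	# Placeholder: keep this file readable only by the radiusd user.
	password = 'REPLACE_ME'
	base_dn  = 'dc=example,dc=org'

	# Copy the stored password into the control list. The service
	# account needs read access to this attribute, and only to it.
	update {
		control:Password-With-Header += 'userPassword'
	}

	user {
		base_dn = "${..base_dn}"
		filter  = "(uid=%{%{Stripped-User-Name}:-%{User-Name}})"
	}

	# Passwords cross this connection, so require a verified TLS session.
	tls {
		start_tls    = yes
		ca_file      = '/path/to/ldap-ca.pem'
		require_cert = 'demand'
	}
}

# mods-available/eap, inside the eap { } section (stock setting):
# EAP-GTC hands the tunnelled password to PAP, which compares it
# with the value the ldap module retrieved.
gtc {
	auth_type = PAP
}

# No Auth-Type is set by hand anywhere. The stock virtual servers
# (sites-available/default and sites-available/inner-tunnel) already
# reference "-ldap" in authorize, so the module is used once enabled.
```

Running the server in debug mode (`radiusd -X`) shows whether the `ldap` module found the user and which Auth-Type the server selected.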




More information about the Freeradius-Users mailing list