EAP-GTC w/ "PAP-like" LDAP authentication
Ian Pilcher
arequipeno at gmail.com
Mon Jan 28 20:52:03 CET 2019
First, apologies for breaking threading. (I had mail delivery turned
off, and Gmane's feed seems to be broken, so I'm cutting & pasting from
the archive.)
> Alan DeKok aland at deployingradius.com Sun Jan 27 20:17:58 CET 2019
>
> (a) Make sure PEAP works with certificates.
Done. I've verified with tcpdump/Wireshark that the correct certificate
is being used.
> (b) configure and enable LDAP. See mods-available/ldap
Done.
> Once the LDAP module is available, the server will automatically use
> it.
It's trying, but failing.
(0) ldap: WARNING: No "known good" password added. Ensure the admin
user has permission to read the password attribute
> And, the server will automatically grab passwords from LDAP. And,
> the server will automatically use those passwords to do EAP-GTC.
It will try, but it will fail, because it doesn't have permission to
read passwords/hashes from LDAP.
I need to configure FreeRADIUS to bind *as the user* to LDAP. If the
bind succeeds then the authentication succeeds.
> It also helps to describe what you've done, what happened, and why
> you think it's wrong. Otherwise, we're limited to:
>
> Q: I tried stuff and it doesn't work. What do I do? A: Try different
> stuff
>
> Which isn't helpful to anyone. Better questions means better
> answers.
Fair enough. This seems like it would be such a common configuration
that I would have thought that it would be documented somewhere.
--
========================================================================
Ian Pilcher arequipeno at gmail.com
-------- "I grew up before Mark Zuckerberg invented friendship" --------
========================================================================
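
The bind-as-user setup the message above asks for, as an added configuration example that is not part of the original post or the FreeRADIUS documentation. It assumes a FreeRADIUS 3.x default file layout; the LDAP host name and CA path are placeholders, and each fragment is meant to be merged into the existing section of the named file.

```conf
# --- mods-available/eap (fragment) ---
eap {
	peap {
		# Optional: offer GTC first inside the tunnel (stock default is
		# mschapv2). Bind-as-user needs the cleartext password, so it only
		# works with PAP-like inner methods such as GTC, not MSCHAPv2.
		default_eap_type = gtc
		virtual_server = "inner-tunnel"
	}
	gtc {
		# The GTC response is copied into User-Password and passed to this
		# Auth-Type. The stock value is PAP, which needs a readable
		# password or hash from the directory.
		auth_type = LDAP
	}
}

# --- sites-available/inner-tunnel (fragment) ---
server inner-tunnel {
	authorize {
		eap
		# Finds the user's entry with the module's own identity. The
		# 'No "known good" password' warning is expected here and is
		# harmless once authentication is done by bind.
		ldap
	}
	authenticate {
		Auth-Type LDAP {
			# Binds to the directory as the user's DN with User-Password;
			# a successful bind is a successful authentication.
			ldap
		}
		eap
	}
}

# --- mods-available/ldap (fragment) ---
ldap {
	server = 'ldap.example.org'          # placeholder host
	tls {
		# The user's cleartext password crosses this connection on every
		# login, so protect it and verify the server certificate.
		start_tls = yes
		ca_file = /etc/ssl/certs/ldap-ca.pem   # placeholder path
		require_cert = 'demand'
	}
}
```

Running the server with `radiusd -X` shows in the debug output whether the inner tunnel reaches the `Auth-Type LDAP` block and whether the user bind succeeds.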