Re: Wireless authentication via LDAP and PEAP

[Jon Stahler]

Jon Stahler Manager of Systems Services Illinois Fire Service Institute 11 Gerty Drive Champaign, IL 61820 (217) 333-2163 >>> [EMAIL PROTECTED] 9/8/2004 3:18:45 PM >>> "Jon Stahler" <[EMAIL PROTECTED]> wrote: > I've been trying to setup FreeRadius in order to authenticate my > wireless users against my Novell eDirectory via the built in LDAP > server. >  You can't, it's impossible.  LDAP doesn't do EAP, and will never do >EAP. >  Instead, put clear-text passwords into LDAP, list "ldap" in the >"authorize" section of "radiusd.conf", and let the server figure it >out.  It WILL work.   Ok...So explain to me how I get my Access Point to authenticate against my eDirectory users.  If LDAP won't do it, what WILL?  Why does it authenticate successfully against my LDAP server and respond with authenticate OK if this is not the case?  How should I modify my setup to do what you are asking.  Please use small words and be patient with me as I am a new to this.   Input clear-text passwords into LDAP how exactly?  The passwords come from eDirectory.  I don't directly manage the LDAP server.  It is automated.  Is there a specific attribute I need to populate with data from my eDirectory?  I can add attributes to the server if this is necessary. > On the Radius screen, I see that the request is sent to the LDAP > server.  The EAP module of FreeRadius responds OK over and over and over > again infinitely until I either kill my wireless connection or the > server thread.   There's a lot more detail than that, usually.  Buried somewhere in that log is the real reason why it's failing. > I have only uncommented PEAP and MSCHAPV2 in my EAP.CONF file.   In order for PEAP to work, you also need to configure the tls{} section of eap.conf.   Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html