Matt Ashfield wrote:
I have LDAP configured and can do a cleartext radius authentication using
username/passwords (using radtest). What I'd like to do is take the next
step and do 802.1x authentication for my windows clients and I suppose
that's where I was hoping to find some cleancut instructions on this as I've
seen quite a bit of threads concerning this but as mentioned in my initial
email, they can be tough to follow.
It's really very simple. If you have users of the form:
dn: cn=username,ou=whatever,dc=domain,dc=com
objectClass: inetOrgPerson-or-whatever
cn: username
userPassword: theplaintextpass
...just set FR like so:
modules {
ldap {
server = foo
basedn = bar
# other attributes
password_attribute = userPassword
}
}
authorize {
preprocess
chap
mschap
eap
ldap
}
authenticate {
Auth-Type MS-CHAP {
mschap
}
Auth-Type CHAP {
chap
}
eap
}
If your userPassword are something like:
userPassword: {crypt}=3115313652
clearTextPass: {clear}theplaintext
..you would use
modules {
ldap {
password_header = "{clear}"
password_attribute = clearTextPass
}
}
...and so on.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html