Working settings

I will be stating the changes from the default settings that I made to get it to work. All file names are followed by a colon :
<<<<< = notes changes

****First you must have your ldap server store password in clear text. They CANNOT be hashed in any way****

eap.conf:
    default_eap_type = peap <<<<<

ldap.attrmap:
    checkItem Cleartext-Password userPassword <<<<< (this entire line was added to the top of the list)

inner-tunnel:
    # The ldap module will set Auth-Type to LDAP if it has not
    # already been set
    ldap <<<<<(this must be uncommented)

ldap:
    ldap {
        #
        # Note that this needs to match the name in the LDAP
        # server certificate, if you're using ldaps.
        server = "xxx.xxx.xxx" <<<<<(your ldap server)
        identity = "uid=xxx,ou=xxx,ou=TopologyManagement,o=xxx" <<<<<(your ldap admin user)
        password = xxxxx <<<<<(your ldap admin password)
        basedn = "dc=xxx,dc=xxx" <<<<<(your base dn)
        filter = "(uid=%{%{Stripped-User-Name}:-%{User-Name}})"

mschap:
    use_mppe = yes<<<<<(not sure if this is needed but I changed it from no to yes)
    with_ntdomain_hack = yes<<<<<(not sure if this is needed but I changed it from no to yes)

default:
    # The ldap module will set Auth-Type to LDAP if it has not
    # already been set
    ldap<<<<<(uncomment)

These are all of the settings that I changed to get Windows 7/Vista x64 > WPA2 > freeradius > 389-DS(Fedora Directory Server) to work

-----Original Message-----
From: freeradius-users-bounces+midnightsteel=msn....@lists.freeradius.org [mailto:freeradius-users-bounces+midnightsteel=msn....@lists.freeradius.org] On Behalf Of Maurice James
Sent: Thursday, October 28, 2010 4:37 PM
To: 'FreeRadius users mailing list'
Subject: RE: Wireless WPA2 enterprise Radius authentication

OK gentlemen,

After many sleepless nights I finally got it working. I was almost in tears (lol) but it's done. Full authentication and authorization for a mix of Windows7 x64/Vista x64 clients using WPA2 Enterprise, Freeradius, 389-DS(Fedora Directory Services). I will post the configs in a follow-up email.
Special thanks to the following

John Dennis
Sven Hartge
Phil Mayers

Thanks guys

MCITP Enterprise + Server
GIAC Security Leadership Certification (GSLC)

-----Original Message-----
From: freeradius-users-bounces+midnightsteel=msn....@lists.freeradius.org [mailto:freeradius-users-bounces+midnightsteel=msn....@lists.freeradius.org] On Behalf Of John Dennis
Sent: Wednesday, October 27, 2010 8:54 PM
To: FreeRadius users mailing list
Subject: Re: Wireless WPA2 enterprise Radius authentication

On 10/27/2010 07:56 PM, Maurice James wrote:
> I will give it another try. I've been trying for the last hour to get
> the clear text password policy to stick to a user. Every time I run
> the radius debug I see hashed value passed from LDAP. I have to search
> online for the instructions on how to get 389-ds server to use clear
> text. Thanks for all the help and advice all. This is one of the most
> responsive lists that I have ever been a member of

389-ds has most all the features I mentioned. The Administrators Guide is your friend.

389-ds doc can be found here:
http://directory.fedoraproject.org/wiki/Documentation#389_Documentation

The Administrators Guide can be found here:
http://www.redhat.com/docs/manuals/dir-server

--
John Dennis <jden...@redhat.com>

Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
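
The recurring problem in this thread is the RADIUS debug showing a hashed value from LDAP where the configuration above maps userPassword to Cleartext-Password. As an added example (not from the thread and not FreeRADIUS or 389-DS code), this Python script audits an LDIF export and lists the accounts whose userPassword is not stored in clear text; the sample entries, the `{clear}`/`{cleartext}` prefixes treated as clear text, and all function names are assumptions.

```python
import base64
import re

# Assumption: a leading {SCHEME} prefix marks how the directory stored the value.
SCHEME_RE = re.compile(r"^\{([A-Za-z0-9_-]+)\}")
CLEAR_SCHEMES = {"clear", "cleartext"}

def classify(value):
    """Return 'cleartext' or 'hashed:<SCHEME>' for one userPassword value."""
    m = SCHEME_RE.match(value)
    if m is None or m.group(1).lower() in CLEAR_SCHEMES:
        return "cleartext"
    return "hashed:" + m.group(1).upper()

def audit_ldif(ldif_text):
    """Map each entry's uid to its userPassword status (folded lines are joined)."""
    report = {}
    for entry in re.split(r"\n\s*\n", ldif_text.replace("\n ", "").strip()):
        uid, status = None, "missing"
        for line in entry.splitlines():
            attr, _, rest = line.partition(":")
            value = rest.strip()
            if rest.startswith(":"):  # "attr:: <base64>" form
                value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
            if attr.lower() == "uid":
                uid = value
            elif attr.lower() == "userpassword":
                status = classify(value)
        if uid:
            report[uid] = status
    return report

def not_cleartext(report):
    """Accounts that cannot supply Cleartext-Password through ldap.attrmap."""
    return sorted(u for u, s in report.items() if s != "cleartext")

# Constructed sample export; every DN, uid and password value here is made up.
_B64 = base64.b64encode(b"{clear}correct horse").decode()
SAMPLE_LDIF = f"""\
dn: uid=alice,ou=People,dc=example,dc=com
uid: alice
userPassword: {{SSHA}}Y29uc3RydWN0ZWQtZGlnZXN0

dn: uid=bob,ou=People,dc=example,dc=com
uid: bob
userPassword:: {_B64}

dn: uid=carol,ou=People,dc=example,dc=com
uid: carol
"""
print(not_cleartext(audit_ldif(SAMPLE_LDIF)))
```

An entry reported as `missing` usually means the bind identity used for the export could not read userPassword, which is the same access the `identity` in the ldap module needs.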