Thanks Guy, but where do I configure (in what file?) FreeRADIUS to use NT-LM when it queries the LDAP server?
Thanks

2011/3/12 Guy <g...@britewhite.net>

> ---Guy
>
> Sent from my iPad
>
> On 12 Mar 2011, at 20:06, Usuário do Sistema <maico...@ig.com.br> wrote:
>
> Hello, I'm new to FreeRADIUS and I'm deploying it with EAP-TLS to
> authenticate my wireless users, who will be authenticated against an
> OpenLDAP base.
>
> I'm using freeradius2, and when I run a test from another Linux machine with
> the command "radtest joao.vero jango123 128.2.100.131 2 meleca" it works, as
> the following output shows:
>
> Sending Access-Request of id 45 to 128.2.100.131 port 1645
>         User-Name = "joao.vero"
>         User-Password = "jango123"
>         NAS-IP-Address = 255.255.255.255
>         NAS-Port = 2
> rad_recv: Access-Accept packet from host 128.2.100.131:1645, id=45, length=20
>
> But when I try to authenticate wireless users from Win7 (with
> EAP-TLS, using the test certificate from /etc/raddb/certs/..) it isn't
> working. This appears in the log:
>
> TLS Alert read:fatal:unknown CA
> TLS_accept:failed in SSLv3 read client certificate A
> rlm_eap: SSL error error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
> SSL: SSL_read failed inside of TLS (-1), TLS session fails.
> TLS receive handshake failed during operation
>
> What I have done so far in relation to EAP-TLS:
>
> I've configured the eap.conf file to read the certificates from
> /etc/raddb/certs/...
> I've created the user certificate (as the README in /etc/raddb/certs shows).
> I've copied and installed two certificates on the user machine: cliente.p12 and
> ca.der, the first as personal and the last under Trusted Root
> Certification Authorities.
>
> I wish to use LDAP to authenticate my users, but it seems that User-Password
> must be clear text. Is it possible to use EAP-TLS with LDAP?
>
> What do I have to do?
>
> Any help is welcome.
>
> Thanks!
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
> You have an issue with the cert: the cert the client is sending back is not
> recognised by FreeRADIUS.
>
> As for authenticating, you can do this without clear text but you'll need to
> use NT-LM, with which you use Samba to create NTSambaPassword in the LDAP
> database, which it can auth with.
>
> You will likely have to extend the schema for your LDAP server, though
> that's quite well documented for adding in Samba support.
>
> Thanks
>
> --Guy
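An added example, not part of the original messages: it decodes the debug lines quoted above to show which side of the handshake raised the alert. It assumes the packed error-code layout used by OpenSSL 1.0.x-era builds; the function names `decode_openssl_error` and `diagnose` are made up for this illustration.

```python
import re

# TLS alert numbers (RFC 5246, section 7.2); subset covering certificate problems.
ALERTS = {42: "bad_certificate", 43: "unsupported_certificate",
          44: "certificate_revoked", 45: "certificate_expired",
          46: "certificate_unknown", 48: "unknown_ca"}
SSL_AD_REASON_OFFSET = 1000  # OpenSSL: reason = 1000 + alert number for a peer's alert
ERR_LIB_SSL = 20             # OpenSSL library number for "SSL routines"

# Log lines copied from the thread above.
LOG = """\
TLS Alert read:fatal:unknown CA
TLS_accept:failed in SSLv3 read client certificate A
rlm_eap: SSL error error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
"""

def decode_openssl_error(code_hex):
    """Split a packed OpenSSL 1.0.x error code into (library, function, reason)."""
    code = int(code_hex, 16)
    return (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF

def diagnose(log):
    """Return what the FreeRADIUS debug lines say about the failed handshake."""
    result = {"alert_direction": None, "alert_from_peer": None, "alert_name": None}
    m = re.search(r"TLS Alert (read|write):(\w+):", log)
    if m:
        # "read": the server received the alert; "write": the server sent it.
        result["alert_direction"] = "received" if m.group(1) == "read" else "sent"
    m = re.search(r"error:([0-9A-Fa-f]{8}):", log)
    if m:
        lib, _func, reason = decode_openssl_error(m.group(1))
        if lib == ERR_LIB_SSL and reason > SSL_AD_REASON_OFFSET:
            # Reasons above the offset record an alert sent by the remote peer.
            result["alert_from_peer"] = True
            result["alert_name"] = ALERTS.get(reason - SSL_AD_REASON_OFFSET, "other")
        else:
            result["alert_from_peer"] = False
    return result

if __name__ == "__main__":
    print(diagnose(LOG))
```

When the alert is reported as received from the peer, the certificate chain to check is the one the server presents against the CA certificate installed on the client.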