On 19/04/11 13:55, Alexandros Gougousoudis wrote:
Hi,

with my FR 1.x installation I'm authenticating computers via EAP-TLS
against my switches. Users are authenticated with PEAP, all are held in
the users text file in $RADDB/users

EAP-TLS and PEAP are different.

Which do you mean?


But with the rising number of PCs and users, the edit of the users file is a
bit uncomfortable. I want to upgrade everything to FR 2.1 on my
Debian-Squeeze-Box, using LDAP, because I have already all Users and PCs
in my OpenLDAP (for the use of Samba).

Don't do both at once.

First upgrade to 2.1

Then implement LDAP.


I'm a bit unsure about the doc, which says no EAP-TLS while using LDAP
and no crypted passwords. If I read here, I have the impression that
this is something that some people already do.

EAP-TLS doesn't use passwords. It uses client certificates.

PEAP requires plaintext or NT passwords.

Which do you mean?


I like to authenticate PCs with EAP-TLS, which are in the LDAP List by
name, there is no need to extract a cert from the LDAP-Tree. Just check
the name and if the cert matches to the server-cert the access is
granted. As I already do now.


Can you show us an example of what you have now? One of the entries from your "users" file?


The users should be checked by uid and the password should be checked,
but I have of course no cleartext-password in my LDAP, they are all
crypt or MD5 (depends on tree).

EAP-TLS doesn't use passwords.


Is this possible or not?

Your query doesn't make sense.