Re: Secure FreeRADIUS LDAP
Thanks, I've got it working. Does it work by comparing the generated hash with the hash in the ldap backend?

t...@kalik.net 23/02/2009 9:02 pm
> > Does freeradius support SHA hashed passwords (on ldap backend)?
>
> Yes. This is documented in doc/rlm_ldap included with the server.
>
> Ivan Kalik
> Kalik Informatika ISP

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Secure FreeRADIUS LDAP
> Does freeradius support SHA hashed passwords (on ldap backend)?

Yes. This is documented in doc/rlm_ldap included with the server.

Ivan Kalik
Kalik Informatika ISP
Re: Secure FreeRADIUS LDAP
Does freeradius support SHA hashed passwords (on ldap backend)?

danhaw...@googlemail.com 20/02/2009 10:36 pm
> Cool, thanks for the info Ivan. Will give it a go and report back
>
> Thanks again
>
> Dan
>
> 2009/2/20 t...@kalik.net:
> > > # Can freeradius talk to the ldap box using TLS/SSL (ldaps)
> >
> > Yes. See tls section in ldap module.
> >
> > > # Can freeradius read hashed credentials from the LDAP store and then actually use them???
> >
> > Yes. You will have to enable auto-headers in pap module if you are storing them with headers in userPassword.
> >
> > > # There may be a requirement to use certificates for auth, can the ldap/freeradius module handle certs???
> >
> > Yes.
> >
> > Ivan Kalik
> > Kalik Informatika ISP
>
> --
> Dan Hawker
> danhaw...@googlemail.com
> 07773 348975
Secure FreeRADIUS LDAP
Hi All,

I used to use FreeRADIUS *years* back (iirc pre v1) on Linux and it worked rather well :) Not touched it since, however have just started a new contract and there is a requirement to use a RADIUS server to connect to our LDAP box (Red Hat Dir Server) to in turn authenticate some users/equipment that can't auth directly, but due to the nature of the environment, all datastores and comms have to be secured/encrypted.

As the host will be RHEL5, FreeRADIUS would seem the ideal candidate (comes with it, although a rather ancient 1.1.3 version by default, can upgrade if needed), however before I start installing and testing, wondered whether it will satisfy the secure part of the requirements.

So... My questions...

# Can freeradius talk to the ldap box using TLS/SSL (ldaps)
# Can freeradius read hashed credentials from the LDAP store and then actually use them???
# There may be a requirement to use certificates for auth, can the ldap/freeradius module handle certs???

Am sure there will be other issues/questions but until then.

TIA

Dan

--
Dan Hawker
danhaw...@googlemail.com
Re: Secure FreeRADIUS LDAP
> # Can freeradius talk to the ldap box using TLS/SSL (ldaps)

Yes. See tls section in ldap module.

> # Can freeradius read hashed credentials from the LDAP store and then actually use them???

Yes. You will have to enable auto-headers in pap module if you are storing them with headers in userPassword.

> # There may be a requirement to use certificates for auth, can the ldap/freeradius module handle certs???

Yes.

Ivan Kalik
Kalik Informatika ISP
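An added illustration, not part of the thread and not FreeRADIUS code: how a `userPassword` value stored "with headers" is checked against a password submitted over PAP, which is also what the replies about SHA hashed passwords rely on. It assumes the conventional LDAP layouts (`{SHA}` is base64 of the SHA-1 digest, `{SSHA}` is base64 of the digest followed by the salt); the function names and sample values are constructed for this example.

```python
import base64
import hashlib
import hmac

# Header schemes handled in this sketch; SSHA and SMD5 are the salted
# forms, stored as base64(digest + salt).
DIGESTS = {"SHA": hashlib.sha1, "SSHA": hashlib.sha1,
           "MD5": hashlib.md5, "SMD5": hashlib.md5}
SALTED = {"SSHA", "SMD5"}


def split_header(user_password):
    """Split '{SCHEME}data' into (SCHEME, data); no header means cleartext."""
    if user_password.startswith("{") and "}" in user_password:
        scheme, _, data = user_password[1:].partition("}")
        return scheme.upper(), data
    return "CLEAR", user_password


def verify(submitted, user_password):
    """Hash the submitted PAP password and compare it with the stored value."""
    scheme, data = split_header(user_password)
    if scheme == "CLEAR":
        return hmac.compare_digest(submitted.encode(), data.encode())
    if scheme not in DIGESTS:
        raise ValueError("unsupported scheme: " + scheme)
    try:
        raw = base64.b64decode(data, validate=True)
    except ValueError:          # malformed base64 never matches
        return False
    size = DIGESTS[scheme]().digest_size
    digest, salt = raw[:size], raw[size:]
    if bool(salt) != (scheme in SALTED):
        return False            # salt present or absent against the scheme
    expected = DIGESTS[scheme](submitted.encode() + salt).digest()
    return hmac.compare_digest(expected, digest)


def make_ssha(password, salt):
    """Build a {SSHA} value (used only to construct sample data)."""
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()


if __name__ == "__main__":
    # Constructed sample values, not taken from the thread.
    stored_sha = "{SHA}W6ph5Mm5Pz8GgiULbPgzG37mj9g="
    stored_ssha = make_ssha("password", b"\x01\x02\x03\x04")
    for stored in (stored_sha, stored_ssha):
        print(stored, verify("password", stored), verify("wrong", stored))
```

Because the check needs the cleartext password on the RADIUS side, it applies to PAP requests only; the stored hash cannot be used to answer a challenge-response method.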
Re: Secure FreeRADIUS LDAP
Cool, thanks for the info Ivan. Will give it a go and report back

Thanks again

Dan

2009/2/20 t...@kalik.net:
> > # Can freeradius talk to the ldap box using TLS/SSL (ldaps)
>
> Yes. See tls section in ldap module.
>
> > # Can freeradius read hashed credentials from the LDAP store and then actually use them???
>
> Yes. You will have to enable auto-headers in pap module if you are storing them with headers in userPassword.
>
> > # There may be a requirement to use certificates for auth, can the ldap/freeradius module handle certs???
>
> Yes.
>
> Ivan Kalik
> Kalik Informatika ISP

--
Dan Hawker
danhaw...@googlemail.com
07773 348975
Re: Secure FreeRADIUS LDAP
Dan Hawker wrote:
> Hi All,
>
> I used to use FreeRADIUS *years* back (iirc pre v1) on Linux and it worked rather well :) Not touched it since, however have just started a new contract and there is a requirement to use a RADIUS server to connect to our LDAP box (Red Hat Dir Server) to in turn authenticate some users/equipment that can't auth directly, but due to the nature of the environment, all datastores and comms have to be secured/encrypted.
>
> As the host will be RHEL5, FreeRADIUS would seem the ideal candidate (comes with it, although a rather ancient 1.1.3 version by default, can upgrade if needed), however before I start installing and testing, wondered whether it will satisfy the secure part of the requirements.

Yes, the FreeRADIUS version on RHEL5 is quite old, we're working to get a current version into the next RHEL update, until such time you can build and install the latest (2.1.3) by following instructions here:

http://wiki.freeradius.org/Red_Hat_FAQ

> So... My questions...
>
> # Can freeradius talk to the ldap box using TLS/SSL (ldaps)

yes

> # Can freeradius read hashed credentials from the LDAP store and then actually use them???

yes

> # There may be a requirement to use certificates for auth, can the ldap/freeradius module handle certs???

yes

> Am sure there will be other issues/questions but until then.
>
> TIA
>
> Dan

--
John Dennis jden...@redhat.com