Eap ttls and LDAP
Hi,

I am using freeradius 0.9.3 on a linux box.
I have found the eap_ttls module in the CVS tree.
How to install it ???

Can anyone explain to me the interest of using EAP TTLS + LDAP?
I don't want to use a personal certificate but only the login and ldap passwd of the person.
Is TTLS+LDAP a good solution to do that ???

Has anyone tested it ???
Any recommendations ???

Thanx

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Eap ttls and LDAP
On Wed, 10 Dec 2003, Arthur EBEL wrote:

> Hi,
> I am using freeradius 0.9.3 on a linux box.
> I have found the eap_ttls module in the CVS tree.
> How to install it ???

./configure
make
make install

> Can anyone explain to me the interest of using EAP TTLS + LDAP?
> I don't want to use a personal certificate but only the login and ldap passwd of the person.
> Is TTLS+LDAP a good solution to do that ???

Yes it is.

> Has anyone tested it ???
> Any recommendations ???

It works out of the box. Just uncomment the necessary modules in the authorize/authenticate sections and configure the eap (tls/ttls) and ldap modules.

> Thanx

--
Kostas Kalevras
Network Operations Center
[EMAIL PROTECTED]
National Technical University of Athens, Greece
Work Phone: +30 210 7721861
'Go back to the shadow' Gandalf
Re: Eap ttls and LDAP
Kostas Kalevras [EMAIL PROTECTED] wrote:

> > I am using freeradius 0.9.3 on a linux box.
> > I have found the eap_ttls module in the CVS tree.
> > How to install it ???
>
> ./configure
> make
> make install

And watch the server die as soon as it receives an EAP-TTLS request.

Alan DeKok.
Re: Eap ttls and LDAP
Arthur EBEL [EMAIL PROTECTED] wrote:

> I am using freeradius 0.9.3 on a linux box.
> I have found the eap_ttls module in the CVS tree.
> How to install it ???

You install a snapshot. You can't use EAP-TTLS with 0.9.3.

> I don't want to use a personal certificate but only the login and ldap passwd of the person.

EAP-TTLS doesn't require personal certificates.

Alan DeKok.
Re: Configuration questions for FreeRadius with EAP/TTLS and LDAP
Nic Bernstein [EMAIL PROTECTED] wrote:

> I can see from the comments in the radiusd.conf file how to tell the radius server where to find which certificate(s) to use for EAP/TLS operation, but how does one specify what certificate to use for (the initial TLS phase of) the EAP/TTLS operation?

It uses the TLS certificates, as configured in the TLS module.

> When using LDAP for authentication, passwords are not necessarily in clear text. Am I to understand the above to mean that I must store my passwords in LDAP in clear text for EAP to work?

For EAP-MD5, and EAP-TTLS with tunneled CHAP, MS-CHAP, and EAP-MD5.

> If anyone is successfully using EAP/TTLS, especially in concert with LDAP, I would certainly appreciate some configuration examples.

You shouldn't have to do anything special to get TTLS working with LDAP. Get LDAP working, uncomment the TTLS module, and the tunneled authentication request will use the pre-existing LDAP configuration.

Alan DeKok.
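Why the tunneled method decides whether LDAP must hold clear-text passwords, as an added example that is not part of the thread and is not FreeRADIUS code: a CHAP response (RFC 1994) can only be recomputed from the password itself, while tunneled PAP, used here as the contrasting case, delivers the password so a salted `{SSHA}` entry can be checked. All function names and sample values are constructed for illustration.

```python
import base64
import hashlib
import hmac

def chap_response(ident, password, challenge):
    """RFC 1994 CHAP response: MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([ident]) + password + challenge).digest()

def make_ssha(password, salt):
    """{SSHA} userPassword value: base64(SHA1(password || salt) || salt)."""
    digest = hashlib.sha1(password + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

def verify_pap(stored, offered):
    """Tunneled PAP hands the server the password, so a hashed entry is enough."""
    if stored.startswith("{SSHA}"):
        raw = base64.b64decode(stored[len("{SSHA}"):])
        digest, salt = raw[:20], raw[20:]  # SHA-1 output is 20 bytes
        return hmac.compare_digest(hashlib.sha1(offered + salt).digest(), digest)
    return hmac.compare_digest(stored.encode(), offered)

def verify_chap(stored, ident, challenge, response):
    """True/False, or None when only a hash is stored and the check cannot be done."""
    # Simplification: any "{scheme}" prefix is treated as a hashed entry.
    if stored.startswith("{"):
        return None  # MD5(id || password || challenge) needs the password itself
    expected = chap_response(ident, stored.encode(), challenge)
    return hmac.compare_digest(expected, response)

# Constructed sample values, not taken from the thread.
PASSWORD = b"example-password"
SALT = bytes.fromhex("a1b2c3d4")
CHALLENGE = bytes(range(16))
IDENT = 7

def demo():
    clear_entry = PASSWORD.decode()
    ssha_entry = make_ssha(PASSWORD, SALT)
    resp = chap_response(IDENT, PASSWORD, CHALLENGE)  # what the client would send
    return {
        "pap_vs_ssha": verify_pap(ssha_entry, PASSWORD),
        "pap_wrong_pw": verify_pap(ssha_entry, b"wrong"),
        "chap_vs_clear": verify_chap(clear_entry, IDENT, CHALLENGE, resp),
        "chap_vs_ssha": verify_chap(ssha_entry, IDENT, CHALLENGE, resp),
    }

if __name__ == "__main__":
    print(demo())
```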
Configuration questions for FreeRadius with EAP/TTLS and LDAP
We are trying to configure freeradius-snapshot-20030911 to use EAP/TTLS with LDAP (OpenLDAP 2.0.27). I have a few questions, however.

I can see from the comments in the radiusd.conf file how to tell the radius server where to find which certificate(s) to use for EAP/TLS operation, but how does one specify what certificate to use for (the initial TLS phase of) the EAP/TTLS operation?

Also, the file doc/rlm_eap states:

    The radius server needs a plaintext password so that it can perform the same one-way hash to determine that the password is correct.

When using LDAP for authentication, passwords are not necessarily in clear text. Am I to understand the above to mean that I must store my passwords in LDAP in clear text for EAP to work?

If anyone is successfully using EAP/TTLS, especially in concert with LDAP, I would certainly appreciate some configuration examples.

Thanks in advance,
-nic

--
Nic Bernstein [EMAIL PROTECTED]
Onlight llc. www.onlight.com
757 North Water Street        v. 414.272.4477
Milwaukee, Wisconsin 53202    f. 414.290.0335