Hi FreeRADIUS users,

I'm looking for a solution-- I'm hoping someone can help... (Please
forgive my mention of a commercial RADIUS vendor!)

We are going to implement a wireless LAN and will be using Cisco LEAP
and an existing LDAP directory for authentication to the internal piece
of the wireless network. LEAP requires an MD4 (MS-CHAP) password for
authentication.

We have tested Funk Steel-Belted RADIUS for this authentication against
LDAP. However, since we have a non-Microsoft LDAP server (iPlanet)
which can only store passwords in clear text, SHA or crypt, we are
forced to store a clear text password in LDAP so that Funk SBR can
handle the hashing. We would like to store the MS-CHAP passwords in
LDAP and point Funk SBR to that instead, but their LDAP module only
knows how to process clear text, SHA or crypt. (We're trying to
convince them to write a custom authentication module, but we'll see...)

In the meantime, I'd like to try the following set up-- any ideas on if
it will work?

Cisco Aironet Access Point
|
|
|
Funk SBR RADIUS
|
|
| (RADIUS proxy)
FreeRADIUS
(local password file with LDAP username and MS-CHAP password. This
info would be written to the file by a special script invoked when a
user changes their password on our password change web page.)

Alternatively, if FreeRADIUS can pull the MS-CHAP passwords directly
from LDAP and pass them on to Funk SBR for the LEAP conversation, that
would be fine too.

thanks!
Jennifer
---
Jennifer Mehl
Network Administrator, IT - Network Services
Whitehead Institute for Biomedical Research (MIT)
5 Cambridge Center
Cambridge MA 02142
617.258.8930 voice
617.258.5121 fax
[EMAIL PROTECTED]
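
The password-change script described in the message could look like the following; this is an added example, not part of the original post or of FreeRADIUS. It computes the MS-CHAP (NT) hash, which is MD4 over the UTF-16LE password, and rewrites an owner-only file; the `user:HASH` line format and the names `nt_hash` and `set_entry` are assumptions, and MD4 is implemented inline because `hashlib` may not offer it.

```python
import os
import struct

R3_ORDER = (0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15)

def rol(x, n):
    return ((x << n) | (x >> (32 - n))) & 0xFFFFFFFF

def md4(data: bytes) -> bytes:
    """MD4 as specified in RFC 1320, pure Python."""
    state = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476]
    msg = data + b"\x80"
    msg += b"\x00" * ((56 - len(msg)) % 64) + struct.pack("<Q", len(data) * 8)
    for off in range(0, len(msg), 64):
        x = struct.unpack("<16I", msg[off:off + 64])
        h = list(state)
        for i in range(48):
            t = (-i) % 4  # register updated this step: a, d, c, b, a, ...
            p, q, r = h[(t + 1) % 4], h[(t + 2) % 4], h[(t + 3) % 4]
            if i < 16:    # round 1
                f, k, s = (p & q) | (~p & r), i, (3, 7, 11, 19)[i % 4]
            elif i < 32:  # round 2
                f = ((p & q) | (p & r) | (q & r)) + 0x5A827999
                k, s = (i % 4) * 4 + (i - 16) // 4, (3, 5, 9, 13)[i % 4]
            else:         # round 3
                f = (p ^ q ^ r) + 0x6ED9EBA1
                k, s = R3_ORDER[i - 32], (3, 9, 11, 15)[i % 4]
            h[t] = rol((h[t] + f + x[k]) & 0xFFFFFFFF, s)
        state = [(a + b) & 0xFFFFFFFF for a, b in zip(state, h)]
    return struct.pack("<4I", *state)

def nt_hash(password: str) -> str:
    """NT hash used by MS-CHAP and LEAP: MD4 of the UTF-16LE password."""
    return md4(password.encode("utf-16-le")).hex().upper()

def set_entry(path: str, user: str, password: str) -> None:
    """Insert or replace user's line in a user:HASH file (assumed format)."""
    if not user or ":" in user or "\n" in user:
        raise ValueError("invalid username")
    entries = {}
    if os.path.exists(path):
        with open(path) as fh:
            entries = dict(l.rstrip("\n").split(":", 1) for l in fh if ":" in l)
    entries[user] = nt_hash(password)
    tmp = path + ".tmp"
    # Create the temp file owner-only, then rename so readers never see a partial file.
    fd = os.open(tmp, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.writelines(f"{u}:{h}\n" for u, h in sorted(entries.items()))
    os.replace(tmp, path)
```

The NT hash is unsalted and is all that is needed to answer an MS-CHAP or LEAP challenge, so this file needs the same protection as a clear text password store.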
