Hi Jos�, I can send to you my radius.conf configuration where EAP/TTLS with LDAP work with SecureW2 client.
Lionel. -----Message d'origine----- De : [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] la part de Jos� Luis Solano Envoy� : lundi 23 f�vrier 2004 10:11 � : [EMAIL PROTECTED] Objet : Re: Alfa&Ariss Client Heeeeeeeeeeeeelp!!!!!!! Hi Jean-Paul, As you know, I'm fightting with my freeradius to run EAP/TTLS. I use Secure W2 client and LDAP, so could you (Jean-Paul) send me your configuration, please? I would need: -do I need to change anything when I install freeradius? -Modules eap, authorize, authenticate and ldap in radiusd.conf -users file configuration -have you changed anything in dictionary file? Thanks in advance Jos� Luis Solano SGI - Soluciones Globales Internet S.A. Delegaci�n Regional Sur [EMAIL PROTECTED] (+34) 954.088.060 ----- Original Message ----- From: "Jean-Paul Chapalain" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Friday, February 20, 2004 4:14 PM Subject: Re: Alfa&Ariss Client Heeeeeeeeeeeeelp!!!!!!! > Hi Tom, > > Tom Rixom wrote: > > Sorry about the previous email.... wasn't awake yet... here is a repost: > > > > Hello, > > > > If your LDAP back-end uses encrypted passwords certain authentication > > methods cannot be used. > > > > PEAP-EAP-MSCHAPV2 for example requires either clear-text passwords or > > Microsoft NT HASH passwords. I am not sure about LEAP. > > > > Because SecureW2 v1 sends over the password in the clear it can be used > > on any kind of database encryption their is. > > > > Are you using encryption in your LDAP database? > > I'm using Active Directory which encrypt the password. > > > > Tom Rixom > > Alfa & Ariss > > > > Today, i succeeded a configuration with FreeRadius for EAP/TTLS (PAP) > (SecureW2 client on Windows) which running with user/password check on > Ldap back-end(AD). > > But for EAP/PEAP and EAP/LEAP challenge use MS-CHAP or MS-CHAPV2 for > hashing. So FreeRadius can't retreive clear-text password from packets > and can't perform check on Ldap back-end. > Are you agree with this ? > > I 'm searching a solution to authenticate LEAP client (Mac OSX) with > FreeReadius and Ldap back-end. > > Regards, > > Jean-Paul. > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
