Matt Ashfield wrote:
> Hi All
> I'm trying to do EAP-PEAP (with MSCHAPv2) radius authentication against an
> LDAP database with my passwords stored in clear text on the directory. I'm
> thinking my issues right now are with certificates.

PEAP requires a "server certificate" on the radius server. See the
CA.all or CA.certs scripts that come with the server, or generate them
with your existing CA *provided* you ensure the XP extension OIDs are in
the certs.

> Can someone give me a quick explanation of what certificate requirements I
> need to have on my radius server for doing the NAS-radius conversation as
> well as the ldap authorization. Also, what certificates do I need for/from
> the LDAP server?

That is not a radius issue, and is purely dependent on your LDAP server
setup. Typically if a cert is used at all, it would be on the LDAP
server, and the radius server (which is an LDAP client) just does normal
SSL.
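
A way to check a certificate for the extension OID mentioned in the reply above, as an added example that is not part of the original message or of FreeRADIUS. It assumes the OID meant is the standard extendedKeyUsage value id-kp-serverAuth (1.3.6.1.5.5.7.3.1), which the post does not spell out; the function names and the DER fragments are constructed for illustration.

```python
# Added example, standard library only. DER fragments below are constructed.
EKU_EXT = "2.5.29.37"              # id-ce-extKeyUsage
SERVER_AUTH = "1.3.6.1.5.5.7.3.1"  # id-kp-serverAuth (assumed "XP extension")

def tlvs(buf):
    """Yield (tag, value) for each DER TLV laid end to end in buf."""
    i = 0
    while i < len(buf):
        if i + 2 > len(buf):
            raise ValueError("truncated DER header")
        tag, n = buf[i], buf[i + 1]
        i += 2
        if n & 0x80:                       # long-form length
            k = n & 0x7F
            n = int.from_bytes(buf[i:i + k], "big")
            i += k
        if i + n > len(buf):
            raise ValueError("truncated DER value")
        yield tag, buf[i:i + n]
        i += n

def oid(v):
    """Decode OID content octets to dotted-decimal text."""
    arcs, acc = [], 0
    for b in v:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(acc)
            acc = 0
    first = min(arcs[0] // 40, 2)
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def ekus(der):
    """Return every extendedKeyUsage OID found in a DER structure."""
    items = list(tlvs(der))
    if items and items[0][0] == 0x06 and oid(items[0][1]) == EKU_EXT:
        (_, purposes), = tlvs(items[-1][1])  # extnValue wraps SEQUENCE OF OID
        return {oid(v) for _, v in tlvs(purposes)}
    found = set()
    for tag, val in items:
        if tag & 0x20:                     # constructed type: descend into it
            found |= ekus(val)
    return found

def has_server_auth(der):
    """True if the structure carries the serverAuth extended key usage."""
    return SERVER_AUTH in ekus(der)

# Constructed [3] extensions fragments, laid out as inside a certificate.
WITH_EKU = bytes.fromhex("a31730153013060 3551d25040c300a06082b06010505070301".replace(" ", ""))
NO_EKU = bytes.fromhex("a30d300b30090603551d1304023000")  # basicConstraints only
```

To run it on a real server certificate, convert the PEM text with `ssl.PEM_cert_to_DER_cert()` and pass the resulting bytes to `has_server_auth()`.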