Hello, I'm trying to do the same thing, I know I have to use winbind and samba to get it, but in reading the news I found this freeradius 2.1 Added " Password-With-Header == userPassword" to raddb / ldap.attrmap This Will automaticallyconvert more passwords
[]'s -- Vinicius Teixeira Coelho Registered Linux User #469313 The Ubuntu Counter Project - user number # 21463 On Fri, Feb 11, 2011 at 3:37 PM, Gary Gatten <[email protected]> wrote: > I'm barely a novice with FR, so take this with a grain of salt: > > You forced ALL Authentication requests to use LDAP. EAP / LDAP don't play > well together. Remove the "Auth Type LDAP" - for now. > > You almost "never" want to set the Auth-Type directly, FR figures it out > from the request. For testing and troubleshooting it's OK, and if you > really know what the consequences are its OK, but generally speaking don't > set the auth type. > > As for accomplishing your goal, unfortunately others will have to help you > with that - I don't know FR/LDAP/EAP well enough. But, I don't THINK you > can authenticate EAP requests against LDAP directly because of the "no clear > text password" issue. > > Gary > > > -----Original Message----- > From: > freeradius-users-bounces+ggatten=waddell....@lists.freeradius.org[mailto: > freeradius-users-bounces+ggatten=waddell....@lists.freeradius.org] On > Behalf Of Max Schröder > Sent: Friday, February 11, 2011 11:06 AM > To: [email protected] > Subject: Freeradius + LDAP for WPA-Enterprise > > Hello to all, > > I would like to use Freeradius to authenticate my wireless network using > OpenWRT and Freeradius + LDAP. What I've done: > > First Authenticated Users in WLan using EAP-TTLS and files in > Freeradius. WORKED! Then I've configured ldap-Modul + added "ldap" in > the authorize- and "Auth-Type LDAP { ldap }" in the > authenticate-section. The test via radtest succeeded. > > But now the authentication using OpenWRT (EAP-TTLS) like the first try > with files - now with ldap did not work. I do noticed the following comment > > # Note that this means "check plain-text password against > # the ldap database", which means that EAP won't work, > # as it does not supply a plain-text password. > Auth-Type LDAP { ldap } > > but I don't know what to change that it worked like my first try with > the difference the users are in LDAP instead of a file. > > Hope to get any hints > > Best regards. > MS > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > > > > > > <font size="1"> > <div style='border:none;border-bottom:double windowtext 2.25pt;padding:0in > 0in 1.0pt 0in'> > </div> > "This email is intended to be reviewed by only the intended recipient > and may contain information that is privileged and/or confidential. > If you are not the intended recipient, you are hereby notified that > any review, use, dissemination, disclosure or copying of this email > and its attachments, if any, is strictly prohibited. If you have > received this email in error, please immediately notify the sender by > return email and delete this email from your system." > </font> > > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html >
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
