Yes, but your samba is using the ldap []'s -- Vinicius Teixeira Coelho
Registered Linux User #469313 The Ubuntu Counter Project - user number # 21463 On Fri, Feb 11, 2011 at 4:35 PM, Gary Gatten <[email protected]> wrote: > Yeah, but that’s SAMBA – not LDAP. (Added "Password-With-Header == > userPassword" to raddb / ldap.attrmap ) sounds interesting! > > > ------------------------------ > > *From:* > freeradius-users-bounces+ggatten=waddell....@lists.freeradius.org[mailto: > freeradius-users-bounces+ggatten=waddell....@lists.freeradius.org] *On > Behalf Of *Vinicius Teixeira Coelho > *Sent:* Friday, February 11, 2011 12:09 PM > > *To:* FreeRadius users mailing list > *Subject:* Re: Freeradius + LDAP for WPA-Enterprise > > > > Hello, I'm trying to do the same thing, I know I have to use winbind and > samba to get it, but in reading the news I found this freeradius 2.1 Added > "Password-With-Header == userPassword" to raddb / ldap.attrmap This Will > automaticallyconvert more passwords > > > > []'s > -- > Vinicius Teixeira Coelho > > Registered Linux User #469313 > The Ubuntu Counter Project - user number # 21463 > > On Fri, Feb 11, 2011 at 3:37 PM, Gary Gatten <[email protected]> wrote: > > I'm barely a novice with FR, so take this with a grain of salt: > > You forced ALL Authentication requests to use LDAP. EAP / LDAP don't play > well together. Remove the "Auth Type LDAP" - for now. > > You almost "never" want to set the Auth-Type directly, FR figures it out > from the request. For testing and troubleshooting it's OK, and if you > really know what the consequences are its OK, but generally speaking don't > set the auth type. > > As for accomplishing your goal, unfortunately others will have to help you > with that - I don't know FR/LDAP/EAP well enough. But, I don't THINK you > can authenticate EAP requests against LDAP directly because of the "no clear > text password" issue. > > Gary > > > > -----Original Message----- > From: > freeradius-users-bounces+ggatten=waddell....@lists.freeradius.org[mailto: > freeradius-users-bounces+ggatten=waddell....@lists.freeradius.org] On > Behalf Of Max Schröder > Sent: Friday, February 11, 2011 11:06 AM > To: [email protected] > Subject: Freeradius + LDAP for WPA-Enterprise > > Hello to all, > > I would like to use Freeradius to authenticate my wireless network using > OpenWRT and Freeradius + LDAP. What I've done: > > First Authenticated Users in WLan using EAP-TTLS and files in > Freeradius. WORKED! Then I've configured ldap-Modul + added "ldap" in > the authorize- and "Auth-Type LDAP { ldap }" in the > authenticate-section. The test via radtest succeeded. > > But now the authentication using OpenWRT (EAP-TTLS) like the first try > with files - now with ldap did not work. I do noticed the following comment > > # Note that this means "check plain-text password against > # the ldap database", which means that EAP won't work, > # as it does not supply a plain-text password. > Auth-Type LDAP { ldap } > > but I don't know what to change that it worked like my first try with > the difference the users are in LDAP instead of a file. > > Hope to get any hints > > Best regards. > MS > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > > > > > <font size="1"> > <div style='border:none;border-bottom:double windowtext 2.25pt;padding:0in > 0in 1.0pt 0in'> > </div> > "This email is intended to be reviewed by only the intended recipient > and may contain information that is privileged and/or confidential. > If you are not the intended recipient, you are hereby notified that > any review, use, dissemination, disclosure or copying of this email > and its attachments, if any, is strictly prohibited. If you have > received this email in error, please immediately notify the sender by > return email and delete this email from your system." > </font> > > > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > > > "This email is intended to be reviewed by only the intended recipient > and may contain information that is privileged and/or confidential. If you > are not the intended recipient, you are hereby notified that any review, > use, dissemination, disclosure or copying of this email and its attachments, > if any, is strictly prohibited. If you have received this email in error, > please immediately notify the sender by return email and delete this email > from your system." > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html >
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
