On 01/02/2012 11:45 PM, Thorsten Scherf wrote:
> Hey,
> this is a comprehension question. When I have a ldap directory to
> authenticate users with pam_ldap when they login to their local
> workstations, how can I secure network access with radius?! I mean,
> isn't that a chicken egg problem? How would I be able to talk to the
> ldap server before I successfully authenticated against Radius? For sure
> I do miss something, would be great if somebody could enlighten me. :)
If you want to use the login credentials to speak 802.1x, it can't be
done currently, as far as I know; you would need some kind of PAM module
that spoke to the system 802.1x supplicant. As far as I'm aware, there
is no such module.
This can be done under Windows.
Alternatively, you could just use a "machine-specific" account to
perform 802.1x. This can be done today with NetworkManager and a
"system" connection profile. This eliminates the chicken/egg issue.
Anyway, this is not a FreeRADIUS question - you should ask around the
PAM lists, or maybe ask the Gnome/NetworkManager guys.
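
The machine-account approach described in the reply, as an added example that is not part of the original message: a NetworkManager keyfile for a wired "system" connection that performs 802.1x before any user logs in, so pam_ldap can reach the directory afterwards. The connection name, interface, identity, EAP method (PEAP/MSCHAPv2), CA path and password placeholder are assumptions chosen for illustration.

```ini
# Assumed location: /etc/NetworkManager/system-connections/wired-8021x-machine
# The file must be owned by root with mode 0600, because it holds the
# machine credential; NetworkManager ignores keyfiles readable by others.

[connection]
id=wired-8021x-machine
type=ethernet
# Hypothetical interface name
interface-name=eth0
autoconnect=true
# Empty permissions = not tied to any user, i.e. a system connection
# that is brought up at boot, before the login prompt.
permissions=

[802-1x]
# PEAP with MSCHAPv2 is an assumption; use whatever the RADIUS server offers.
eap=peap;
phase2-auth=mschapv2
# Machine-specific account (hypothetical name), not a user's LDAP login
identity=host/workstation01.example.org
password=REPLACE_WITH_MACHINE_SECRET
# 0 = secret is stored in this file and available without a user session
password-flags=0
# Pin the CA that signed the RADIUS server certificate so the supplicant
# does not hand the credential to an untrusted authenticator.
ca-cert=/etc/pki/tls/certs/radius-ca.pem

[ipv4]
method=auto
```

Giving each workstation its own account means a compromised host can be disabled on the RADIUS side without affecting user logins.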