RE: radius+ldap+peap

2007-05-18 Thread Arjuna Scagnetto
Arjuna Scagnetto wrote: can someone tell me a good tutorial about making work freeradius with ldap and peap on a 802.1x architecture ? Get LDAP working with PAP authentication, but NOT using ldap bind. Get PEAP working with passwords in the users file. Try PEAP with a user

Re: radius+ldap+peap

2007-05-18 Thread Alan DeKok
Arjuna Scagnetto wrote: ... PEAP with user whose password is in LDAP ... userPAssword: {SSHA}tymetcetcetc This WILL NOT WORK. See: http://deployingradius.com/documents/protocols/compatibility.html use clear-text passwords in LDAP. If you can't put clear-text passwords in LDAP, stop

Re: radius+ldap+peap

2007-05-18 Thread Angelos Karageorgiou
as a general rool of thumb ,always use clear text in the ldap databases where you are trying to offer enhnanced password protection like cram-md5 even chap etc. You need the original data to calculate the hashes from. O/H Alan DeKok έγραψε: Arjuna Scagnetto wrote: ... PEAP with user

RE: radius+ldap+peap

2007-05-18 Thread Arjuna Scagnetto
O/H Alan DeKok ??: Arjuna Scagnetto wrote: ... PEAP with user whose password is in LDAP ... userPAssword: {SSHA}tymetcetcetc This WILL NOT WORK. See: http://deployingradius.com/documents/protocols/compatibility.html use clear-text passwords in LDAP. If

Re: radius+ldap+peap

2007-05-18 Thread Arran Cudbard-Bell
Angelos Karageorgiou wrote: as a general rool of thumb ,always use clear text in the ldap databases where you are trying to offer enhnanced password protection like cram-md5 even chap etc. You need the original data to calculate the hashes from. O/H Alan DeKok έγραψε: Arjuna Scagnetto

Re: radius+ldap+peap

2007-05-18 Thread Alan DeKok
Arran Cudbard-Bell wrote: use clear-text passwords in LDAP. If you can't put clear-text passwords in LDAP, stop trying to use PEAP. NO ! Calculate the damn NT Hashes... Never put users clear-text passwords in LDAP if you can avoid it. Step 1: Get it to work. Step 2: Get it to work

Re: radius+ldap+peap

2007-05-18 Thread Arran Cudbard-Bell
Alan DeKok wrote: Arran Cudbard-Bell wrote: use clear-text passwords in LDAP. If you can't put clear-text passwords in LDAP, stop trying to use PEAP. NO ! Calculate the damn NT Hashes... Never put users clear-text passwords in LDAP if you can avoid it. Step 1: Get it to work. Step

radius+ldap+peap

2007-05-17 Thread Arjuna Scagnetto
can someone tell me a good tutorial about making work freeradius with ldap and peap on a 802.1x architecture ? For the moment my freeradius server dies with a Segmentation Fault, i think it's caused by a misunderstanding between peap and ldap but i'm not sure. radius.conf{ ldap {

Re: radius+ldap+peap

2007-05-17 Thread Alan DeKok
Arjuna Scagnetto wrote: can someone tell me a good tutorial about making work freeradius with ldap and peap on a 802.1x architecture ? Get LDAP working with PAP authentication, but NOT using ldap bind. Get PEAP working with passwords in the users file. Try PEAP with a user whose