LinuxQuestions.org


jwstric2 11-23-2010 03:10 PM

Radius + LDAP + EAP-PEAP
 
I read over the freeradius and openldap docs for a day and used a high-level procedure at http://vuksan.com/linux/dot1x/802-1x-LDAP.html. I can successfully authenticate to the radius server with simple authentication:

Code:

[root@localhost ~]# echo "User-Name = "jonatstr", Password = "ggsg"" | radclient -x  localhost auth testing123
Sending Access-Request of id 244 to 127.0.0.1 port 1812
        User-Name = "jonatstr"
        Password = "ggsg"
rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=244, length=80
        Tunnel-Private-Group-Id:0 = "10"
        Tunnel-Medium-Type:0 = 802
        Tunnel-Type:0 = VLAN
        Filter-Id = "Enterasys:version=1:policy=Enterprise User"
[root@localhost ~]#


Having problems with EAP-PEAP. I've attached the debug from radius and ldap user. I'm thinking it's something to do with the way I'm dealing with Windows users (ntpasswords). As you can see, there is a warning indicating possible password problems. TLS tunnel is properly set up, fails on challenges to the client...

Thanks in advance...

jwstric2 11-23-2010 08:16 PM

So the problem is definitely in ldap, in how I am storing the lm and nt passwords. I can store them in the users as cleartext-passwords and freeradius properly translates them. I'll have to mess with this a bit more ... suggestions still welcome.

jwstric2 11-23-2010 08:53 PM

In the inner-tunnel config file, I had to ensure ldap was before mschap. All is working now. Will try and piece together a final doc for this forum...
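A small check for the ordering reported in the last post (ldap listed before mschap in the authorize section of the inner-tunnel virtual server). This is an added example, not part of the thread: the config text is a constructed sample rather than the poster's file, and the function names are hypothetical.

```python
import re

# Constructed inner-tunnel sample (assumption, not the poster's config);
# the two %s slots hold the modules whose order is under test.
TEMPLATE = """server inner-tunnel {
authorize {
    %s      # first of the two modules under test
    %s
    update control {
        Proxy-To-Realm := LOCAL
    }
    eap {
        ok = return
    }
    pap
}
authenticate {
    Auth-Type MS-CHAP {
        mschap
    }
    eap
}
}
"""
BEFORE = TEMPLATE % ("mschap", "ldap")   # order before the change
AFTER = TEMPLATE % ("ldap", "mschap")    # order the poster reports working

UNLANG = {"update", "if", "elsif", "else", "switch", "case"}  # not modules

def authorize_modules(conf):
    """Return the top-level module names of the authorize section, in order."""
    modules, depth, in_auth = [], 0, False
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blanks
        if not line:
            continue
        if not in_auth:
            if re.match(r"authorize\s*\{$", line):
                in_auth, depth = True, 1
            continue
        if depth == 1 and line != "}":
            name = line.split()[0].lstrip("-")   # "-ldap" means optional module
            if name not in UNLANG:
                modules.append(name)
        depth += line.count("{") - line.count("}")
        if depth == 0:                           # end of authorize section
            break
    return modules

def ldap_before_mschap(conf):
    """True only if both modules are listed and ldap comes first."""
    mods = authorize_modules(conf)
    return "ldap" in mods and "mschap" in mods and mods.index("ldap") < mods.index("mschap")
```

To check a real file, pass its contents to `ldap_before_mschap()`; the parser only handles the one-statement-per-line layout used in the sample.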


All times are GMT -5.