(RADIATOR) PEAP and LDAP integration problem

Mike McCauley mikem at open.com.au
Tue Jun 3 18:29:19 CDT 2003


Hello Joao,

You should be able to use PEAP and AuthBy LDAP2 together without any problems.
You should note that because PEAP uses non-reversible encryption, your LDAP 
database will need to contain the correct plaintext password, and Radiator to 
be configured to get that password (i.e. not using ServerChecksPassword).

So, you should be able to use something like this (not tested)

<Handler>
	<AuthBy LDAP2>

		# Standard LDAP parameters:
		Host		localhost
		AuthDN		cn=Manager, dc=my-domain, dc=com
		AuthPassword	secret		
		BaseDN		dc=my-domain, dc=com
		UsernameAttr	cn
		PasswordAttr    userPassword

		# EAP support for PEAP
		EAPTypes PEAP
		EAPTLS_CAFile %D/certificates/demoCA/cacert.pem
		EAPTLS_CertificateFile %D/certificates/cert-srv.pem
		EAPTLS_CertificateType PEM
		EAPTLS_PrivateKeyFile %D/certificates/cert-srv.pem
		EAPTLS_PrivateKeyPassword whatever
		EAPTLS_MaxFragmentSize 1000
		AutoMPPEKeys
	</AuthBy>
</Handler>

As usual, if you are having problems making it work, please post your config 
file (no secrets) and a log file at trace level 4.

Cheers.


On Wed, 4 Jun 2003 01:03 am, Joao Martins wrote:
> Hi!
>
> 	I'm having a problem:
>
> 	I've configured radius.cfg to authenticate my users by external
> database - LDAP. I don't have any problems here!
> 	I've configured other radius.cfg to use PEAP, with a local users
> file. I don't have any problems here too!
>
> 	I'm trying to use PEAP and LDAP together, without any success.
>
> 	Can anyone give me some hints on how to get it to work, or radius.cfg
> examples?
>
> 	I've tried many different configurations... and nothing!
>
> Thanks in advance.
>
>
>  Regards,
>
>
> João Martins
>
> =======================================================================
> Centro de Informática e Comunicações       Email: jmartins at cic.ua.pt
>       Universidade de Aveiro               Phone: +351 234 370099
>          3810-193 Aveiro                   Ext:   22299
>             Portugal                       Web:   http://www.cic.ua.pt/
>
>
>
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.

-- 
Mike McCauley                               mikem at open.com.au
Open System Consultants Pty. Ltd            Unix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia   http://www.open.com.au
Phone +61 3 9598-0985                       Fax   +61 3 9598-0955

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, 
TTLS, PEAP etc on Unix, Windows, MacOS etc.
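
An added example, not part of the original message and not Radiator code: because the reply says the LDAP entry must hold the plaintext password for PEAP to work, this Python script audits an LDIF export and lists the entries whose userPassword is hashed or absent. The sample LDIF, the function names and the set of hash-scheme prefixes are assumptions of the example.

```python
import base64
import re

# Assumed set of storage-scheme prefixes (RFC 2307 style) that mark a one-way hash.
HASH_SCHEMES = {"CRYPT", "MD5", "SMD5", "SHA", "SSHA"}

# Constructed sample shaped like an LDIF export; the digest is a placeholder.
_SSHA = base64.b64encode(b"{SSHA}constructed-placeholder-digest").decode()
SAMPLE_LDIF = (
    "dn: cn=alice,dc=my-domain,dc=com\ncn: alice\nuserPassword: correct horse\n\n"
    f"dn: cn=bob,dc=my-domain,dc=com\ncn: bob\nuserPassword:: {_SSHA}\n\n"
    "dn: cn=carol,dc=my-domain,dc=com\ncn: carol\n"
)

def classify(value):
    """Return 'missing', 'hashed:<SCHEME>' or 'plaintext' for one attribute value."""
    if not value:
        return "missing"
    m = re.match(r"\{([A-Za-z0-9-]+)\}", value)
    if m and m.group(1).upper() in HASH_SCHEMES:
        return "hashed:" + m.group(1).upper()
    return "plaintext"

def audit_ldif(ldif, password_attr="userPassword"):
    """Map each entry's dn to the classification of its password attribute."""
    report = {}
    unfolded = re.sub(r"\n ", "", ldif)        # undo LDIF line folding
    for block in re.split(r"\n\s*\n", unfolded.strip()):
        dn, password = None, None
        for line in block.splitlines():
            name, sep, rest = line.partition(":")
            if not sep:
                continue
            if rest.startswith(":"):           # "attr:: <base64 value>"
                val = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
            else:
                val = rest.strip()
            if name.lower() == "dn":
                dn = val
            elif name.lower() == password_attr.lower():
                password = val
        if dn:
            report[dn] = classify(password)
    return report

def unusable_for_peap(report):
    """Entries that cannot satisfy the plaintext-password requirement."""
    return sorted(dn for dn, status in report.items() if status != "plaintext")
```
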
