(RADIATOR) EAP and LDAP

Mike McCauley mikem at open.com.au
Wed Jun 8 17:02:33 CDT 2005


Hi All,


On Thursday 09 June 2005 05:07, Jim Michael wrote:
> Chris, I haven't been paying attention to this thread... what LDAP
> directory were you trying against? We use eDirectory here and Radiator does
> EAP-TTLS/PAP (via Funk Odyssey client) perfectly.

You may be interested to know that recent additions to Radiator allow it to 
support EAP-TTLS-* and EAP-PEAP-* when used with eDirectory Universal 
Password.

Cheers.
>
> Jim
>
> >>> On 6/8/2005 at 11:19:12 am, Chris Hills <chills at ne-worcs.ac.uk> wrote:
> >
> > I've decided to change my tack and use the nt passwords stored in ldap.
> > I have changed my configuration as follows:-
> >
> > <Realm ne-worcs.ac.uk>
> >
> >         RewriteUsername s/^(.*)\@.*/$1/
> >
> >         <AuthBy LDAP2>
> >
> >                 Host xxx
> >
> >                 BaseDN o=NEW College,c=UK
> >                 AuthDN xxx,o=NEW College,c=UK
> >                 AuthPassword xxx
> >
> >                 UsernameAttr uid
> >                 PasswordAttr ntPassword
> >
> >                 PostSearchHook sub {my $ntpassword = $_[3]->get_check->get_attr('User-Password'); $_[3]->get_check->change_attr('User-Password', "{nthash}$ntpassword");}
> >
> >
> >                 EAPType MSCHAP-V2
> >                 EAPTLS_CertificateType PEM
> >                 EAPTLS_CAFile /usr/share/ssl/certs/cacert.pem
> >                 EAPTLS_CertificateFile /usr/share/ssl/certs/radius.pem
> >                 EAPTLS_PrivateKeyFile /usr/share/ssl/certs/radius.pem
> >
> >                 AutoMPPEKeys
> >
> >                 Debug 255
> >
> >         </AuthBy>
> >
> >         AcctLogFileName %L/detail.ne-worcs.ac.uk
> > </Realm>
> >
> > Now that I have discovered radpwtst (oops), I get the following output,
> > with -mschapv2:-
> >
> > Wed Jun  8 17:10:25 2005: DEBUG: Handling request with Handler 'Realm=ne-worcs.ac.uk'
> > Wed Jun  8 17:10:25 2005: DEBUG: Rewrote user name to testuser
> > Wed Jun  8 17:10:25 2005: DEBUG:  Deleting session for testuser at ne-worcs.ac.uk, 203.63.154.1, 1234
> > Wed Jun  8 17:10:25 2005: DEBUG: Handling with Radius::AuthLDAP2:
> > Wed Jun  8 17:10:25 2005: INFO: Connecting to xxx port 389
> > Wed Jun  8 17:10:25 2005: INFO: Attempting to bind to LDAP server xxx:389
> > Wed Jun  8 17:10:25 2005: DEBUG: LDAP got result for uid=testuser,xxx,o=NEW College,c=UK
> > Wed Jun  8 17:10:25 2005: DEBUG: LDAP got ntPassword: E5810F3C99AE2ABB2232ED8458A61309
> > Wed Jun  8 17:10:25 2005: DEBUG: Radius::AuthLDAP2 looks for match with studentuser
> > Wed Jun  8 17:10:25 2005: DEBUG: Radius::AuthLDAP2 REJECT: Bad Password
> > Wed Jun  8 17:10:26 2005: INFO: Access rejected for testuser: Bad Password
> >
> > I set the password to 'asdf' for the purpose of testing, and I am sure
> > it is correct in both ldap and radpwtst. So it seems it is not working
> > either.
>
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.

-- 
Mike McCauley                               mikem at open.com.au
Open System Consultants Pty. Ltd            Unix, Perl, Motif, C++, WWW
9 Bulbul Place Currumbin Waters QLD 4223 Australia   http://www.open.com.au
Phone +61 7 5598-7474                       Fax   +61 7 5598-7070

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, 
TTLS, PEAP etc on Unix, Windows, MacOS etc.
