(RADIATOR) OpenLDAP directory + samba supporting EAP-TTLS and PEAP-MSCHAP-V2
Rogier Krieger
rkrieger at gmail.com
Mon Apr 2 01:53:17 CDT 2007
Hello Mike,

On 4/2/07, Mike McCauley <mikem at open.com.au> wrote:
> Hope that [latest Radiator patch set] helps.

It does. Using my PalmOS client, I can now successfully use both
PEAP-MSCHAP-V2 and EAP-TTLS-PAP against our LDAP directory. Getting
WinXP to work will probably require extending/replacing my current
server certificate (as listed in the FAQ [1]). It does not yet have
the OIDs mentioned in that article.

> Please let me know how you get on.

For the list archives: the following AuthBy LDAP2 clause seems to work
nicely for me. I will need to do some refining (such as a proper
accounting hook), but that shouldn't be much of a problem.

<AuthBy LDAP2>
    Identifier Iverdahl-LDAP

    # Generic configuration
    UsernameMatchesWithoutRealm
    HoldServerConnection

    # LDAP Bind details
    Host ldap.iverdahl.net
    Version 3
    AuthDN cn=radius,ou=a3,ou=services,dc=iverdahl,dc=net
    AuthPassword *blanked*

    # LDAP SSL/TLS settings
    UseSSL
    SSLCAFile %D/x509/ca/Iverdahl.net-CA-cacert.pem

    # LDAP Information retrieval
    BaseDN ou=iverdahl,ou=people,dc=iverdahl,dc=net
    UsernameAttr uid
    PasswordAttr sambaNTPassword

    # Hooks
    TranslatePasswordHook sub { return "{nthash}$_[0]"; }

    # EAP Type settings
    EAPType MSCHAP-V2
</AuthBy>

Cheers,

Rogier

References:
1. Radiator FAQ - I can't get PEAP to work with Windows XP SP1
   http://www.open.com.au/radiator/faq.html#130
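
Added example, not part of the original post and not Radiator code: a small lint for an AuthBy LDAP2 clause like the one above, checking that the LDAP bind is protected by TLS with a named CA and that sambaNTPassword is paired with a {nthash} hook. The function names and the weak sample clause are constructed for illustration, and the lint assumes TLS is enabled only through UseSSL or UseTLS.

```python
# Constructed sample: a clause shaped like the one in the post, with the
# TLS settings and the password hook left out.
WEAK_CLAUSE = """\
<AuthBy LDAP2>
    Host ldap.example.net
    AuthDN cn=radius,dc=example,dc=net
    AuthPassword secret
    PasswordAttr sambaNTPassword
    EAPType MSCHAP-V2
</AuthBy>
"""

def parse_authby(text):
    """Return {parameter: value} for the first <AuthBy ...> clause; flags map to ''."""
    params, inside = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("<AuthBy"):
            inside = True
        elif line.startswith("</AuthBy"):
            break
        elif inside and line and not line.startswith("#"):
            parts = line.split(None, 1)
            params[parts[0]] = parts[1] if len(parts) > 1 else ""
    return params

def lint_ldap2(params):
    """Return findings for a clause that fetches NT hashes over LDAP."""
    findings = []
    # Assumption: TLS is switched on only by the UseSSL or UseTLS flags.
    if "UseSSL" not in params and "UseTLS" not in params:
        findings.append("no UseSSL/UseTLS: bind password and NT hashes cross the network in clear")
    elif "SSLCAFile" not in params and "SSLCAPath" not in params:
        findings.append("TLS enabled without SSLCAFile/SSLCAPath: no CA named to verify the LDAP server")
    # An NT hash must be marked as such, or it is read as a plaintext password.
    if params.get("PasswordAttr", "").lower() == "sambantpassword":
        if "{nthash}" not in params.get("TranslatePasswordHook", ""):
            findings.append("sambaNTPassword without a {nthash} TranslatePasswordHook")
    return findings

if __name__ == "__main__":
    for finding in lint_ldap2(parse_authby(WEAK_CLAUSE)):
        print("FINDING:", finding)
```

The sambaNTPassword value is password-equivalent for MSCHAP-V2, so the same care applies to who can read that attribute in the directory as to the transport checked here.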