(RADIATOR) OpenLDAP directory + samba supporting EAP-TTLS and PEAP-MSCHAP-V2

Rogier Krieger rkrieger at gmail.com
Mon Apr 2 01:53:17 CDT 2007

Hello Mike,

On 4/2/07, Mike McCauley <mikem at open.com.au> wrote:
> Hope that [latest Radiator patch set] helps.

It does. Using my PalmOS client, I can now successfully use both
PEAP-MSCHAP-V2 and EAP-TTLS-PAP against our LDAP directory. Getting
WinXP to work will probably require extending/replacing my current
server certificate (as listed in the FAQ [1]). It does not yet have
the OIDs mentioned in that article.

> Please let me know how you get on.

For the list archives: the following AuthBy LDAP2 clause seems to work
nicely for me. I will need to do some refining (such as a proper
accounting hook), but that shouldn't be much of a problem.

<AuthBy LDAP2>
	Identifier Iverdahl-LDAP

	# Generic configuration

	# LDAP Bind details
	Host ldap.iverdahl.net
	Version 3
	AuthDN cn=radius,ou=a3,ou=services,dc=iverdahl,dc=net
	AuthPassword *blanked*

	# LDAP SSL/TLS settings
	SSLCAFile %D/x509/ca/Iverdahl.net-CA-cacert.pem

	# LDAP Information retrieval
	BaseDN ou=iverdahl,ou=people,dc=iverdahl,dc=net
	UsernameAttr uid
	PasswordAttr sambaNTPassword

	# Hooks
	TranslatePasswordHook sub { return "{nthash}$_[0]"; }

	# EAP Type settings



1. Radiator FAQ - I can't get PEAP to work with Windows XP SP1

Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.

More information about the radiator mailing list