(RADIATOR) OpenLDAP directory + samba supporting EAP-TTLS and PEAP-MSCHAP-V2
Mike McCauley
mikem at open.com.au
Mon Apr 2 06:56:35 CDT 2007
Hello Rogier,
thanks for the feedback.
Glad you are working now.
Cheers.
On Monday 02 April 2007 16:53, Rogier Krieger wrote:
> Hello Mike,
>
> On 4/2/07, Mike McCauley <mikem at open.com.au> wrote:
> > Hope that [latest Radiator patch set] helps.
>
> It does. Using my PalmOS client, I can now successfully use both
> PEAP-MSCHAP-V2 and EAP-TTLS-PAP against our LDAP directory. Getting
> WinXP to work will probably require extending/replacing my current
> server certificate (as listed in the FAQ [1]). It does not yet have
> the OIDs mentioned in that article.
>
> > Please let me know how you get on.
>
> For the list archives: the following AuthBy LDAP2 clause seems to work
> nicely for me. I will need to do some refining (such as a proper
> accounting hook), but that shouldn't be much of a problem.
>
> <AuthBy LDAP2>
> Identifier Iverdahl-LDAP
>
> # Generic configuration
> UsernameMatchesWithoutRealm
> HoldServerConnection
>
> # LDAP Bind details
> Host ldap.iverdahl.net
> Version 3
> AuthDN cn=radius,ou=a3,ou=services,dc=iverdahl,dc=net
> AuthPassword *blanked*
>
> # LDAP SSL/TLS settings
> UseSSL
> SSLCAFile %D/x509/ca/Iverdahl.net-CA-cacert.pem
>
> # LDAP Information retrieval
> BaseDN ou=iverdahl,ou=people,dc=iverdahl,dc=net
> UsernameAttr uid
> PasswordAttr sambaNTPassword
>
> # Hooks
> TranslatePasswordHook sub { return "{nthash}$_[0]"; }
>
> # EAP Type settings
> EAPType MSCHAP-V2
> </AuthBy>
>
>
> Cheers,
>
> Rogier
>
>
> References:
> 1. Radiator FAQ - I can't get PEAP to work with Windows XP SP1
> http://www.open.com.au/radiator/faq.html#130
--
Mike McCauley mikem at open.com.au
Open System Consultants Pty. Ltd Unix, Perl, Motif, C++, WWW
9 Bulbul Place Currumbin Waters QLD 4223 Australia http://www.open.com.au
Phone +61 7 5598-7474 Fax +61 7 5598-7070
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP etc on Unix, Windows, MacOS, NetWare etc.
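As an added example (not part of either message, and not Radiator code), here is a small Python check for the clause quoted above. Because `PasswordAttr` points at `sambaNTPassword`, every lookup returns an unsalted NT hash, so the check confirms the TLS settings and the `{nthash}` hook that clause relies on. The names `parse_clause` and `audit` are hypothetical, `UseTLS` and `SSLCAPath` are assumed alternatives that do not appear in the message, and the sample clause is an abridged copy of the one in the message with the bind password replaced by a placeholder.

```python
import re

# Constructed input: abridged clause from the message, bind password replaced.
CLAUSE = """<AuthBy LDAP2>
Identifier Iverdahl-LDAP
# LDAP Bind details
Host ldap.iverdahl.net
AuthDN cn=radius,ou=a3,ou=services,dc=iverdahl,dc=net
AuthPassword PLACEHOLDER
UseSSL
SSLCAFile %D/x509/ca/Iverdahl.net-CA-cacert.pem
PasswordAttr sambaNTPassword
TranslatePasswordHook sub { return "{nthash}$_[0]"; }
EAPType MSCHAP-V2
</AuthBy>"""


def parse_clause(text):
    """Return {keyword: value} for the first <AuthBy LDAP2> clause; flags map to ''."""
    match = re.search(r"<AuthBy\s+LDAP2>(.*?)</AuthBy>", text, re.S)
    if match is None:
        raise ValueError("no <AuthBy LDAP2> clause found")
    params = {}
    for line in match.group(1).splitlines():
        parts = line.strip().split(None, 1)
        if parts and not parts[0].startswith("#"):
            params[parts[0]] = parts[1].strip() if len(parts) > 1 else ""
    return params


def audit(params):
    """List problems with a clause that fetches NT hashes over LDAP."""
    findings = []
    if params.get("PasswordAttr", "").lower() != "sambantpassword":
        return findings  # the checks below only concern the NT-hash setup
    # UseTLS and SSLCAPath are not in the message; assumed alternative TLS settings.
    if not {"UseSSL", "UseTLS"} & params.keys():
        findings.append("NT hashes cross the LDAP connection in cleartext")
    if not {"SSLCAFile", "SSLCAPath"} & params.keys():
        findings.append("no CA configured to verify the LDAP server certificate")
    if "{nthash}" not in params.get("TranslatePasswordHook", ""):
        findings.append("value lacks the {nthash} tag that the hook in the message adds")
    return findings


if __name__ == "__main__":
    print(audit(parse_clause(CLAUSE)) or "no findings")
```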