[RADIATOR] PEAP(MSCHAPv2), AD and Radiator on Linux

Hugh Irvine hugh at open.com.au
Wed May 19 16:41:00 CDT 2010


Hello Steve, Hello Pascal -

Note that in both cases (indeed any direct interaction with an external resource) Radiator waits for the response.

The difference between NTLM and LDAP is that NTLM spawns an external process, while LDAP is an interprocess call using sockets.

You always need to be careful with any solution to make sure that the external process is fast enough to keep up with the number of RADIUS requests you have to process.

We have many customers using both NTLM and LDAP (sometimes both together) very successfully.

Your alternative to using NTLM is to run an instance of Radiator on Windows and use the AuthBy LSA clause (but that's a whole other issue).

regards

Hugh


On 20 May 2010, at 06:00, Caporossi, Stephen G. wrote:

> Pascal,
> 
> I stayed away from this option for a long time because of the same “Caution”...about a month ago we decided to give it a try and have had no issues...~2000 wireless clients at any given time..
> 
> Steve
> 
> On 5/19/10 3:51 PM, "Pascal Beauregard" <Pascal.Beauregard at USherbrooke.ca> wrote:
> 
>> Hi,
>>  
>> What are my options if we want to authenticate wireless users with PEAP (MSCHAPV2) against an AD and my Radiator is running on Linux?
>>  
>> Am I forced to use AuthBy NTLM? If it’s the only option, there is a caution in the goodies/ntlm_eap_peap.cfg: "Caution: AuthBy NTLM blocks while waiting for the result output of ntlm_auth." Can this affect the capacity of Radiator to handle a high level of authentications?
>>  
>> Will AuthBy LDAP2 work with AD and PEAP and MSCHAPv2?
>>  
>>  
>> Pascal Beauregard
>> Telecommunications Analyst
>> Université de Sherbrooke
>> (819)821-7770
>> www.usherbrooke.ca
>> 



NB: 

Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets), 
together with a trace 4 debug showing what is happening?

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
Includes support for reliable RADIUS transport (RadSec),
and DIAMETER translation agent.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.
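
Added example, not part of the original message and not Radiator code: one way to check whether a spawned helper is "fast enough" is to time it run back to back, the way a server that waits for each result would call it, and compare the resulting ceiling with the expected peak request rate. The function names, the stand-in command, the peak rate and the 5 second NAS retransmit timeout are assumptions; replace `STAND_IN` with the site's own helper invocation.

```python
import statistics
import subprocess
import sys
import time

# Constructed stand-in for the external helper so the script runs offline.
# Assumption: in real use this is the helper command from your own configuration.
STAND_IN = [sys.executable, "-c", "pass"]


def time_helper(cmd, runs=20):
    """Spawn cmd `runs` times, one after another, and return each wall-clock latency in seconds."""
    latencies = []
    for _ in range(runs):
        start = time.perf_counter()
        subprocess.run(cmd, stdin=subprocess.DEVNULL, stdout=subprocess.DEVNULL,
                       stderr=subprocess.DEVNULL, check=False)
        latencies.append(time.perf_counter() - start)
    return latencies


def capacity(latencies, peak_rate, retransmit_timeout=5.0):
    """Estimate whether one process that blocks on every helper call keeps up.

    peak_rate is the expected peak in requests per second (assumed input).
    retransmit_timeout is the assumed NAS timeout before it resends a request.
    """
    ordered = sorted(latencies)
    mean = statistics.fmean(ordered)
    p95 = ordered[min(len(ordered) - 1, int(0.95 * len(ordered)))]
    ceiling = 1.0 / mean                 # requests/s when calls are strictly serial
    utilisation = peak_rate * mean       # above 1.0 the queue grows without bound
    # Largest simultaneous burst whose last request is still answered before
    # the NAS gives up and retransmits (which adds even more load).
    max_burst = int(retransmit_timeout / p95)
    return {
        "mean_s": mean,
        "p95_s": p95,
        "ceiling_per_s": ceiling,
        "utilisation": utilisation,
        "keeps_up": utilisation < 1.0,
        "max_burst": max_burst,
    }


if __name__ == "__main__":
    samples = time_helper(STAND_IN, runs=20)
    for key, value in capacity(samples, peak_rate=10).items():
        print(f"{key}: {value}")
```

Run it on the RADIUS host itself during a busy period, since process spawn time and domain controller round trips both count toward the latency.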
