mem_gentoo n00b
Joined: 27 Apr 2007 Posts: 27
Posted: Fri Apr 27, 2007 6:07 am Post subject: Freeradius Auth via LDAP against Active Directory Server 200
Hello,
I have read all available howtos/documentation several times (I'm not exaggerating) but I am still unable to make FR work as I need it to.
I am currently trying to implement the following scenario.
client -> cisco wap -> linux + Freeradius -> Windows 2003 AD LDAP
I have anonymous directory searching enabled and I have installed Services For Unix.
My current problem/question is: how do I make FreeRADIUS check against the supplied password hash, or, if that is not possible, what method is used when FreeRADIUS is talking directly to Windows 2003 ADS LDAP?
Attached are all my config files, tested output from radping (unfortunately I do not have access to a laptop with wireless this afternoon) and the ldap search output.
radius -X -f output from radping: http://pastebin.ca/460658
config files: http://rapidshare.com/files/28146791/radius_configs.tgz.html
ldap search output: http://rapidshare.com/files/28146927/ldapsearch.txt.gz.html
Thanks in advance for any help you may be able to provide
MorpheuS.Ibis Tux's lil' helper
Joined: 22 Apr 2006 Posts: 143
Posted: Wed Nov 28, 2007 8:03 pm Post subject:
Maybe I can help you, I have successfully set up a freeradius using LDAP authentication against smbldap created entries, which might be pretty similar to those on Windows.
I use LM and NT hash pairs in database and peap-mschapv2 for WPA.
Reply if you are still working on this issue, I will post you my config
alunduil Retired Dev
Joined: 13 Mar 2005 Posts: 96 Location: San Antonio, TX, USA
Posted: Thu May 22, 2008 6:21 pm Post subject:
I'm running into problems getting our FreeRADIUS to talk with our LDAP, so if you could pass that configuration file, that would be very helpful.
Regards,
Alunduil
MorpheuS.Ibis Tux's lil' helper
Joined: 22 Apr 2006 Posts: 143
Posted: Fri May 23, 2008 4:59 am Post subject:
ldap.attrmap is pretty default, only with
Code:
#checkItem      LM-Password     LMPassword
#checkItem      NT-Password     NTPassword
# Samba schema attribute names used instead of the two entries above
checkItem       LM-Password     sambaLMPassword
checkItem       NT-Password     sambaNTPassword
radius.conf ldap entry
Code:
ldap eduroam {
        server = "127.0.0.1"
        identity = "cn=root,dc=CAG,dc=CZ"
        password = [secret]
        basedn = "dc=CAG,dc=CZ"
#       filter = "(uid=%{Stripped-User-Name})"
        filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
        ldap_connections_number = 50
        start_tls = no
        dictionary_mapping = ${raddbdir}/ldap.attrmap
        timeout = 4
}
add ldap (or the name of the ldap server, as I am using) into authorize and authenticate
Code:
authorize {
        ...
        eduroam
        ...
}
...
authenticate {
        ...
        Auth-Type eduroam {
                eduroam
        }
        ...
}
and your users should know to use it
Code:
# check items on the first line, reply items indented below it
DEFAULT Auth-Type = eduroam
        Fall-Through = Yes
Hope this helps, I don't remember all the things I changed for making it work...
EDIT: freeradius-1.1.7 or so, not freeradius-2 (which has somewhat different config)
EDIT2: made a mistake in the users entry, radius is *very* sensitive on commas
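A small checker for the comma sensitivity mentioned in EDIT2, as an added example that is not part of the original post. The function name `lint_users` and the broken sample entries are constructed, and the rules it encodes are an assumption about the users file format: no trailing comma on the check line, and a comma after every indented reply line except the last.

```python
# Constructed samples: the entry from the post, then two broken variants.
GOOD = "DEFAULT Auth-Type = eduroam\n\tFall-Through = Yes\n"
BAD_CHECK = "DEFAULT Auth-Type = eduroam,\n\tFall-Through = Yes\n"
BAD_REPLY = ('DEFAULT Auth-Type = eduroam\n'
             '\tReply-Message = "hello"\n'
             '\tFall-Through = Yes,\n')


def lint_users(text):
    """Return (line_number, message) tuples for comma problems.

    Assumed rules: a line starting in column 0 opens an entry and holds the
    check items; indented lines after it hold the reply items.
    """
    problems = []
    entries = []  # each entry is a list of (line_number, stripped_line)
    for lineno, raw in enumerate(text.splitlines(), 1):
        stripped = raw.strip()
        if not stripped or stripped.startswith("#"):
            continue  # blank lines and comments carry no items
        if raw[0] in " \t":
            if not entries:
                problems.append((lineno, "reply line before any entry"))
                continue
            entries[-1].append((lineno, stripped))
        else:
            entries.append([(lineno, stripped)])

    for entry in entries:
        (check_no, check), replies = entry[0], entry[1:]
        if check.endswith(","):
            problems.append((check_no, "check line must not end with a comma"))
        for i, (no, reply) in enumerate(replies):
            is_last = i == len(replies) - 1
            if is_last and reply.endswith(","):
                problems.append((no, "last reply line must not end with a comma"))
            elif not is_last and not reply.endswith(","):
                problems.append((no, "reply line needs a trailing comma"))
    return problems


if __name__ == "__main__":
    for name, sample in (("GOOD", GOOD), ("BAD_CHECK", BAD_CHECK),
                         ("BAD_REPLY", BAD_REPLY)):
        print(name, lint_users(sample))
```

Running it against a copy of the users file before restarting the daemon catches these mistakes without taking authentication down.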