WLAN - Freeradius - OpenLDAP - VLANs


WLAN - Freeradius - OpenLDAP - VLANs

by _Stefan_H

First, I know my English is not the best, but I hope you will understand it.

In the course of a project I have to set up authentication against a freeradius server for the WLAN users.
On the server (OpenSUSE 11.1) there is an LDAP directory, and I want the WLAN users to authenticate with their accounts. After successful authentication they will be put into another VLAN so that they can use their home directories.

I would like to know how I should do it, because I informed myself about the authentication types (EAP-TLS, TTLS, PEAP) and now I am totally confused about which one I have to configure on the freeradius server.

I think that PEAP would be the easiest, but I really don't know which can be used with a dynamic VLAN.

The AP is a Linksys WRT-54-GS
and the switch is a CISCO-2950



Re: WLAN - Freeradius - OpenLDAP - VLANs

by José Johnny RANDRIAMAMPIONONA

Freeradius works well with openldap but only with cleartext password (PAP).
Best regards!

--
JJohnny RANDRIAMAMPIONONA
Phone: +212663682554, +212533158575
National School of Applied Sciences
ZIP 1818 TANGIER 90000
---------Morocco ---------------




Re: WLAN - Freeradius - OpenLDAP - VLANs

by nf-vale

On Monday 09 November 2009 12:25:13 José Johnny RANDRIAMAMPIONONA wrote:
> Freeradius works well with openldap but only with cleartext password (PAP).
> Best regards!

Don't give wrong answers if you're not sure of what you're talking about.

>
> 2009/11/9 _Stefan_H <stefanh007@...>
>
> > First, I know my English is not the best, but I hope you will understand
> > it.
> >
> > In the course of a project I have to set up authentication against a
> > freeradius server for the WLAN users.
> > On the server (OpenSUSE 11.1) there is an LDAP directory, and I want the WLAN
> > users to authenticate with their accounts. After successful
> > authentication they will be put into another VLAN so that they can use
> > their home directories.
> >
> > I would like to know how I should do it, because I informed myself about the
> > authentication types (EAP-TLS, TTLS, PEAP) and now I am totally confused
> > about which one I have to configure on the freeradius server.

See http://deployingradius.com/documents/protocols/compatibility.html for
compatibility issues.


You can authenticate users using PEAP against LDAP just as long as the user's
entries in the LDAP DB have NT / LM password hashes. For instance, if using
OpenLDAP, you need to include the samba.schema in the supported schemas list
and then add sambaNTPassword and sambaLMPassword to each one of the user's
entries in the DB.

Ex:

"
dn: uid=xxx,ou=people,dc=local,dc=loc
objectClass: inetOrgPerson
objectClass: sambaSamAccount
uidNumber: 1
uid: xxx
userPassword:: e01ENX1mMmhLRytkajNnSSs2aEtmL3ltSnV3PT0=
sambaLMPassword: AB849716E6B337C43B639FCD27BDA434
sambaNTPassword: 9574805413661ADC5E8FA7B943026723
...
"

You can hash the user's password using the smbencrypt utility.

> >
> > I think that PEAP would be the easiest, but I really don't know which can
> > be used with a dynamic VLAN.
> >
> > http://old.nabble.com/file/p26230857/1.jpeg
> >
> > The AP is a Linksys WRT-54-GS
> > and the switch is a CISCO-2950
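Added example, not part of the thread: a small Python audit of an LDIF export that reports which entries carry the sambaNTPassword attribute the reply above says PEAP needs, and which still store an LM hash. The entries, function names and dummy hex hashes are constructed for illustration; only the userPassword value on the first entry is taken from the post.

```python
import base64
import re

# Constructed sample export (not a real directory). The hex hashes are dummies;
# the userPassword on the first entry is the value quoted in the post.
SAMPLE_LDIF = """\
dn: uid=alice,ou=people,dc=local,dc=loc
objectClass: sambaSamAccount
uid: alice
userPassword:: e01ENX1mMmhLRytkajNnSSs2aEtmL3ltSnV3PT0=
sambaLMPassword: 00112233445566778899AABBCCDDEEFF
sambaNTPassword: FFEEDDCCBBAA99887766554433221100

dn: uid=bob,ou=people,dc=local,dc=loc
uid: bob
userPassword: {SSHA}constructedvalue

dn: uid=carol,ou=people,dc=local,dc=loc
uid: carol
sambaNTPassword: not-a-hash
"""

def parse_ldif(text):
    """Return one dict per entry: lowercased attribute name -> list of values."""
    entries = []
    for block in re.split(r"\n\s*\n", text.replace("\n ", "").strip()):
        entry = {}
        for line in block.splitlines():
            name, _, value = line.partition(":")
            if value.startswith(":"):  # "attr:: <base64>" form
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            entry.setdefault(name.lower(), []).append(value.strip())
        entries.append(entry)
    return entries

def peap_readiness(entry):
    """Return (uid, ok, notes); ok means a well-formed NT hash is present."""
    notes = []
    nt = entry.get("sambantpassword", [""])[0]
    ok = re.fullmatch(r"[0-9A-Fa-f]{32}", nt) is not None
    if not ok:
        m = re.match(r"\{(\w+)\}", entry.get("userpassword", [""])[0])
        extra = f"; userPassword is {{{m.group(1)}}}, PAP only" if m else ""
        notes.append("no usable sambaNTPassword" + extra)
    if "sambalmpassword" in entry:
        notes.append("LM hash stored; MS-CHAPv2 only uses the NT hash")
    return entry["uid"][0], ok, notes

def audit(text):
    return [peap_readiness(e) for e in parse_ldif(text)]
```

Run `audit()` over an export of the people subtree before enabling PEAP; entries reported with an LM hash are candidates for having that attribute removed.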

Re: WLAN - Freeradius - OpenLDAP - VLANs

by _Stefan_H

Thanks for answering and I hope that I will have no problems in configuring the server .... but I think that won't happen.
