This setup assumes that you using Debian Lenny and already have OpenLDAP (Help can be found here: Primary Domain Controller - Samba + LDAP + NFS (roaming profiles)) installed and running.
apt-get -t lenny-backports install freeradius-krb5 libfreeradius2 freeradius-common freeradius \ libssl-dev freeradius-ldap freeradius-utils freeradius-dialupadmin freeradius-iodbc dpkg-dev \ freeradius-dbg libfreeradius-dev openssl libdate-manip-perl
cp /usr/share/doc/freeradius/examples/openldap.schema /etc/ldap/schema/RADIUS-LDAPv3.schema
[ ... ] include /etc/ldap/schema/pureftpd.schema include /etc/ldap/schema/pptp.schema # FreeRADIUS include /etc/ldap/schema/RADIUS-LDAPv3.schema # LDAP - del 2 include /etc/ldap/schema/collective.schema [ ... ]
- In most cases you will have the MD5 or CRYPT hashes stored in userPassword attribute. If so you will have to use EAP-TTLS with PAP inner tunnel authentication
- If you have NT/LM hashes stored because you e.g. use LDAP as backend to Samba you can use either EAP-TTLS with MSCHAPv2 inner tunnel authentication (this is the default) or EAP-PEAP
- If you have passwords in plain text stored in userPassword you can use whatever authentication method you want ie. EAP-TTLS, EAP-PEAP or EAP-MD5.