From SemarkIT
Jump to: navigation, search


This setup assumes that you using Debian Lenny and already have OpenLDAP (Help can be found here: Primary Domain Controller - Samba + LDAP + NFS (roaming profiles)) installed and running.

Install FreeRadius

apt-get -t lenny-backports install freeradius-krb5 libfreeradius2 freeradius-common freeradius \
libssl-dev freeradius-ldap freeradius-utils freeradius-dialupadmin freeradius-iodbc dpkg-dev \
freeradius-dbg libfreeradius-dev openssl libdate-manip-perl
cp /usr/share/doc/freeradius/examples/openldap.schema /etc/ldap/schema/RADIUS-LDAPv3.schema
nano /etc/ldap/schema.conf
[ ... ]
include         /etc/ldap/schema/pureftpd.schema
include         /etc/ldap/schema/pptp.schema

include         /etc/ldap/schema/RADIUS-LDAPv3.schema 

# LDAP - del 2
include         /etc/ldap/schema/collective.schema
[ ... ]

Configure FreeRadius



  1. In most cases you will have the MD5 or CRYPT hashes stored in userPassword attribute. If so you will have to use EAP-TTLS with PAP inner tunnel authentication
  2. If you have NT/LM hashes stored because you e.g. use LDAP as backend to Samba you can use either EAP-TTLS with MSCHAPv2 inner tunnel authentication (this is the default) or EAP-PEAP
  3. If you have passwords in plain text stored in userPassword you can use whatever authentication method you want ie. EAP-TTLS, EAP-PEAP or EAP-MD5.