Thread: WPA 802.1x Enabled AP + Freeradius (+ LDAP ?)

  1. #1
    Join Date
    Apr 2007
    Location
    Germany
    Beans
    952
    Distro
    Ubuntu 10.04 Lucid Lynx

    WPA 802.1x Enabled AP + Freeradius (+ LDAP ?)

    For more than a week i've been banging my head against every wall i could find....

    So, here is what i have:

    I have a few AccessPoints (Linksys WAP4400N and AT-WA7400) which all support WPA2 Enterprise against Radius. They are also 802.1x enabled. Also, i have a Dell Poweredge 1950 ready with an Ubuntu 8.04.1 LTS Server installed.

    And here is what i need to do:

    We need user authentication against a user database on these Access points. I've seen this work in other places, but never found anybody to actually tell me how this works. I've read a ton of tutorials, have already broken a few virtual machines following them in test setups and basically cannot get the authentication to work.

    If the auth in the end works against an LDAP (that would be awesome) or some text file is really not important - i just want it to work for now - and then see where to go from there.

    So, does anybody have the patience to tell me how the simplest setup works so that any client (Ubuntu(linux)/Windows/Mac) can use the Wifi via WPA2 and username/password authentication?
    I think i should also mention that having a client certificate is not possible, as we have more than 100 different people using this wifi every month - and i really... really do not want to hand out certificates to anybody who wants to use it. I need plain username/password.

    I know this is not really an easy question (or maybe it is ?) but i would be very happy if anybody could help me with this.

    Thanks in advance
    Calvin: I'm being educated against my will! My rights are being trampled!
    Hobbes: Is it a right to remain ignorant?
    Calvin: I don't know, but I refuse to find out!

  2. #2
    Join Date
    Apr 2007
    Location
    Germany
    Beans
    952
    Distro
    Ubuntu 10.04 Lucid Lynx

    Re: WPA 802.1x Enabled AP + Freeradius (+ LDAP ?)

    anybody ? please ?

  3. #3
    Join Date
    Apr 2007
    Location
    Germany
    Beans
    952
    Distro
    Ubuntu 10.04 Lucid Lynx

    Re: WPA 802.1x Enabled AP + Freeradius (+ LDAP ?)

    ok, i lost. It was implemented by a co-worker and we are going to buy a windows server for it - it seems to be easier there.

    shame... really... could have put the money to some other use...

    thanks to anyone who read this.

  4. #4
    Join Date
    Feb 2006
    Beans
    98
    Distro
    Ubuntu 6.10 Edgy

    Re: WPA 802.1x Enabled AP + Freeradius (+ LDAP ?)

    hi SpaceTeddy,

    It's a shame you couldn't make it work and you had to rely on windows.

    I have a similar setup at work that I did using our existing AD infrastructure.

    If you still want to make it work, I suggest you get started with the LDAP configuration. When you can successfully authenticate against it, go ahead and configure FreeRADIUS. Later, you will need to create some certificates for 802.1x to work; this is not easy either. Then, when all works, make your access point connect to your radius and look at the logs.

    Deploying 802.1x is a huge job when you don't have the underlying infrastructure already in place...

    Good luck,

    TW

  5. #5
    Join Date
    Apr 2007
    Location
    Germany
    Beans
    952
    Distro
    Ubuntu 10.04 Lucid Lynx

    Re: WPA 802.1x Enabled AP + Freeradius (+ LDAP ?)

    i haven't even started on how this is supposed to work in the end... but - i've cracked the first nut now and got freeradius to auth against the local users file - so there is some hope i might actually figure this out one day.

    The way this is supposed to work in the end is

    Client <--> AP <--> freeradius <--> ldap <--> novell e-directory

    now, the last two are actually one, as the e-directory already supplies ldap information. So, in the end, that is how it is supposed to work.

    I'll post some information as soon as i got everything working...

    BTW, my problem was not freeradius - it was the windows client being bitchy. Once i had a mac client it figured out that this was a cert problem (which windows never told me). So accepting the server cert and suddenly i could log in... but as i said, i'll post something (hopefully) comprehensive later on...

    thanks for your answer
    Calvin: I'm being educated against my will! My rights are being trampled!
    Hobbes: Is it a right to remain ignorant?
    Calvin: I don't know, but I refuse to find out!
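
An added example, not written by any poster in this thread: the first working step described in post #5 (FreeRADIUS authenticating a user from the local users file, with the access point registered as a RADIUS client), plus a Linux client profile that validates the server certificate rather than accepting whatever certificate is presented. It assumes FreeRADIUS 3.x syntax and PEAP/MSCHAPv2 as the username/password EAP method; every address, name, secret and path below is a constructed placeholder.

```conf
# ---- FreeRADIUS clients.conf: one entry per access point ----------------
# The AP is the RADIUS *client*; the same secret is entered in the AP's
# WPA2-Enterprise / RADIUS server settings. Use a long random value.
client ap-wap4400n {
    # constructed address (documentation range), replace with the AP's IP
    ipaddr = 192.0.2.10
    # placeholder, never reuse the stock "testing123" for a real AP
    secret = REPLACE_WITH_LONG_RANDOM_SECRET
}

# ---- FreeRADIUS users file (read by the "files" module) -----------------
# A single test account to prove the chain before LDAP is added.
# Remove it once the directory backend works.
testuser    Cleartext-Password := "REPLACE_WITH_TEST_PASSWORD"

# ---- Server-side check, before involving any AP -------------------------
# Run the server in the foreground with full debug output:
#     freeradius -X        (the binary is called "radiusd" on other distros)
# Then, from the same host, send a PAP test request to the stock
# localhost client:
#     radtest testuser REPLACE_WITH_TEST_PASSWORD 127.0.0.1 0 testing123
# An Access-Accept here means the users file works. It does not yet prove
# that EAP/PEAP from a wireless client works.

# ---- wpa_supplicant.conf on a Linux client ------------------------------
# ca_cert pins the CA that issued the RADIUS server certificate, and
# domain_suffix_match pins the server name in that certificate. Without
# them the client will send credentials to any server that answers for
# this SSID.
network={
    ssid="example-wlan"
    key_mgmt=WPA-EAP
    eap=PEAP
    phase2="auth=MSCHAPV2"
    identity="testuser"
    password="REPLACE_WITH_TEST_PASSWORD"
    ca_cert="/etc/ssl/certs/example-radius-ca.pem"
    domain_suffix_match="radius.example.org"
}
```

The three fragments belong in separate files; they are shown together only because they share the same `#` comment syntax.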
