Comments on: WPA Wireless Authentication with eDirectory and FreeRADIUS

By: FreeRaduis and OES2 SP2 - Linux - NOVELL FORUMS

FreeRaduis and OES2 SP2 - Linux - NOVELL FORUMS — Mon, 14 Jun 2010 16:14:37 +0000

[...] [...]

By: Matt Stavert

Matt Stavert — Wed, 09 Jun 2010 22:14:19 +0000

How do I make the certificates longer than one year? Any guidence would be fantastic, please email, staverts@shaw.ca

By: Jim Hallahan

Jim Hallahan — Mon, 01 Feb 2010 16:26:04 +0000

Having trouble getting this solution working. Works fine with LDAP auth. and NTRadTest. I seem to be having trouble with the certificates on the XP workstation. Anybody have any tips regarding what certificates I need to import to the workstation, type/format etc.. jim.hallahan@gmail.com.

Jim Hallahan

By: Jim Hallahan

Jim Hallahan — Thu, 28 Jan 2010 09:46:52 +0000

Great article. Haven’t tried the connection on the XP yet. I am also a littel confused as the certificate format for the windows xp client. Is it supposed to be servercert.pem or should it be something like servercert.cer ? The documentation says export yast ca to servercert.pem, later on the documentation refers to importing cert.cer on the windows xp machine. I get an authentication accept using ntradping. Will be trying it on an XP tomorrow.

Thanks for the effort
Jim Hallahan

By: Rick Bousquet

Rick Bousquet — Wed, 11 Nov 2009 17:21:08 +0000

For anyone who runs into this. The default cert created by Sles is one year. Before undertaking this create a new server cert and than export it. Make it longer than a year. Dave you some pain one day when people get expired cert errors.

By: Patrick Corrigan

Patrick Corrigan — Fri, 26 Jun 2009 22:38:32 +0000

Please ignore my last message. I should have read forward! Thanks.

By: Patrick Corrigan

Patrick Corrigan — Fri, 26 Jun 2009 22:33:14 +0000

Thanks for a great, comprehensive article. I have one question: The CA accessible through YAST is the YAST_Default_CA.

Don’t I need the eDirectory Organizational CA?

Thanks.

By: Richard Isted

Richard Isted — Mon, 22 Jun 2009 12:36:45 +0000

Chris,

Just wanted to say a massive thank you for creating this arlicle. This has been driving me round the bend for a while and your guide got me 95% there.

Two things caught me out.

1. Problem with the certificates: I had an issue as I was connecting to ldap on 127.0.0.1 and it kept giving me a tls error. I eventually realised this was because the server name in the certificate was set to radius-server but that was not associated to 127.0.0.1. I made a hosts entry for the server IP 192.168.1.10 and set this to radius-server, then set the ldap server (in radius.conf) to connect to as 192.168.1.10 instead of 127.0.0.1.

2. When trying to authenticate I kept getting (rlm_ldap: Error reading Universal Password.Return Code = -1659), amongst other errors. Basically I think it means that the radiusAdmin user was not able to read the universal password for my account.

Basically it would seem that you do need to enable Forgotten Password feature then allow admin to retreive the passwords, the guide says to turn it off. To do this in iManager go to the Password Policies option. Go to the forgotten password tab and just click enable then apply. After that click on the Universal Passwords tab then Configuration Options then under the Universal Password Retrieval section tick the Allow admin to retrieve passwords, I also unticked Allow user to retrieve passwords. I was not able specifically specify any objects or users but it seems to work just fine.

I think that was everything I did (hopefully)

Thanks again!

Rich.

By: Arni Snorri Eggertsson

Arni Snorri Eggertsson — Fri, 12 Jun 2009 13:00:12 +0000

Has anyone managed to do “single sign on” with a novell client and this?

By: chrismoos

chrismoos — Sat, 04 Apr 2009 23:02:23 +0000

I originally wrote this article years ago — I can’t believe there are people who still find it useful. That’s great though!