• Why 802.1x
• 802.1x is a port-based network access control (PNAC) protocol: it carries the
Extensible Authentication Protocol (EAP) over the LAN (EAPoL) to authenticate a
device at the network port, giving a generic network sign-on for access to network resources
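• 802.1x involves three roles:
• a supplicant (the client device asking for access),
• an authenticator (the switch or wireless controller that controls the port), and
• an authentication server (the RADIUS server that checks the credentials)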
// JOIN DOMAIN
#net join –U Administrator
// TEST AUTH
// We will use this command in the ntlm_auth module of freeRADIUS
#ntlm_auth –-request-nt-key –-domain=XYZDOM –-username=example_user
# RADIUS client entry: a NAS named "wlc" (presumably the wireless LAN
# controller) that is allowed to send requests to this server.
client wlc {
# Address of the NAS; "10.x.x.x" is a placeholder on the slide.
ipaddr = 10.x.x.x
# Shared secret; it must match the key configured on the NAS. "myRADIUS" is a
# sample value: a real deployment needs a long, random secret, unique per client.
secret = myRADIUS
}
# EAP module settings (excerpt).
eap {
# EAP method the server offers first when the supplicant has not asked for another.
default_eap_type = peap
}
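# MS-CHAP module: passes the challenge and response to Samba's ntlm_auth helper
# so that the Active Directory domain verifies them.
mschap {
	# The command is a single double-quoted string closed with a plain ASCII
	# quote; the slide wrapped it over several lines and ended it with a
	# typographic quote, which leaves the string unterminated.
	# --require-membership-of limits logins to members of myDOMAIN\eduroam.
	ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --domain=%{%{mschap:NT-Domain}:-myDOMAIN} --username=%{%{Stripped-User-Name}:-%{%{User-Name}:-None}} --challenge=%{%{mschap:Challenge}:-00} --nt-response=%{%{mschap:NT-Response}:-00} --require-membership-of='myDOMAIN\\eduroam'"
}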
# authorize section (excerpt): modules listed here run before authentication.
authorize {
# mschap checks the request for MS-CHAP attributes and, when they are present,
# selects Auth-Type MS-CHAP.
mschap
# NOTE(review): only mschap is shown; presumably the stock entries such as eap
# stay in place, since the authenticate section expects EAP - confirm.
}
# authenticate section (excerpt): runs the module that matches the Auth-Type
# selected during authorize.
authenticate {
# NOTE(review): refers to a module instance named ntlm_auth whose definition is
# not shown on this page - confirm it exists and is enabled.
ntlm_auth
# MS-CHAP requests (including the one carried inside PEAP) go to the mschap module.
Auth-Type MS-CHAP {
mschap
}
# Handles the EAP conversation; the eap block on this page sets PEAP as the default type.
eap
}
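# LDAP module: looks users up in Active Directory.
# Every string below is closed with a plain ASCII quote; the slide's typographic
# closing quotes leave the strings unterminated.
ldap {
	server = '10.254.254.101'
	# 389 is plain LDAP: without StartTLS the bind password below crosses the
	# network in clear text. Enable TLS in this module's tls section
	# (start_tls = yes) or use LDAPS where the directory supports it.
	port = 389
	# The slide binds as the domain Administrator. A user lookup only needs read
	# access, so a dedicated low-privilege service account is the safer choice,
	# and this file should be readable by the RADIUS service user only.
	identity = 'CN=Administrator,CN=Users,DC=uii,DC=ac,DC=id'
	password = thisIsAVeryLongPasswordDoNotForgetIt
	base_dn = 'OU=Accounts,DC=uii,DC=ac,DC=id'
	user {
		# Search under the module-level base_dn, matching on sAMAccountName.
		base_dn = "${..base_dn}"
		filter = "(samaccountname=%{%{Stripped-User-Name}:-%{User-Name}})"
	}
}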
! Enable 802.1X port-based authentication globally on the switch.
dot1x system-auth-control
! Define the RADIUS server that the switch (the authenticator) sends requests to.
radius server <radius-name>
! 1812 and 1813 are the standard RADIUS authentication and accounting ports.
address ipv4 <ip-radius> auth-port 1812 acct-port 1813
! "0" means the key that follows is entered unencrypted. It must equal the
! "secret" in the RADIUS server's client entry for this device, and anyone who
! can read the configuration or its backups can read it, so restrict that access.
key 0 <key-secret-radius>