1.0 Overview

You can integrate Novell eDirectory 8.8 or later with FreeRADIUS on SUSE Linux Enterprise Server (SLES) 10 and SLES 11 to allow wireless authentication for eDirectory users.

If you are new to FreeRADIUS, refer to the FreeRADIUS Web site for more information.

For more information on eDirectory, refer to the Novell eDirectory 8.8 Administration Guide.

By integrating eDirectory with FreeRADIUS, you can do the following:

  • Use Universal Password for RADIUS authentication

    Universal Password provides single login and authentication for eDirectory users. Users do not need a separate password for RADIUS and eDirectory authentication.

  • Enforce eDirectory account policies for users

    The existing eDirectory policies on user accounts still apply after you integrate with RADIUS. You can also use the intruder lockout facility of eDirectory by logging failed logins into eDirectory.

Figure 1-1 Wireless Authentication to eDirectory Integrated with FreeRADIUS

FreeRADIUS and eDirectory can be on two different machines. For example, you can have an eDirectory LDAP server with NMAS running on NetWare, but run FreeRADIUS on Linux without eDirectory on it. Token-based authentication is not supported on NetWare.

eDirectory users can use any of the following protocols for RADIUS authentication:

  • CHAP

  • EAP-MSCHAP v1 and v2

  • EAP-TLS

  • LEAP

  • MS-CHAP v1 and v2

  • PEAP

For a complete list of protocols and information about them, refer to “FreeRADIUS Features” and to the IETF Web site.

IMPORTANT: For better security, we recommend that you use SHA-1 or SHA-2 algorithms rather than MD5 authentication protocols.

To integrate eDirectory with FreeRADIUS, you need to complete the following tasks: