You can integrate Novell eDirectory 8.8 or later with FreeRADIUS on SUSE Linux Enterprise Server (SLES) 10 and SLES 11 to allow wireless authentication for eDirectory users.
If you are new to FreeRADIUS, refer to the FreeRADIUS Web site for more information.
For more information on eDirectory, refer to the Novell eDirectory 8.8 Administration Guide.
By integrating eDirectory with FreeRADIUS, you can do the following:
Use Universal Password for RADIUS authentication
Universal Password provides single login and authentication for eDirectory users. Users do not need a separate password for RADIUS and eDirectory authentication.
Enforce eDirectory account policies for users
The existing eDirectory policies on user accounts continue to apply after you integrate with RADIUS. You can also use the intruder lockout facility of eDirectory by logging failed logins into eDirectory.
Figure 1-1 Wireless Authentication to eDirectory Integrated with FreeRADIUS
FreeRADIUS and eDirectory can be on two different machines. For example, you can have an eDirectory LDAP server with NMAS running on NetWare, but run FreeRADIUS on Linux without eDirectory on it. Token-based authentication is not supported on NetWare.
eDirectory users can use any of the following protocols for RADIUS authentication:
EAP-MSCHAP v1 and v2
MS-CHAP v1 and v2
IMPORTANT: We recommend that you use SHA-1 or SHA-2 algorithms and not MD5 authentication protocols for better security.
To integrate eDirectory with FreeRADIUS, you need to complete the following tasks:
Install and configure the FreeRADIUS server. For more information, see Section 2.0, Installing FreeRADIUS.
Enable RADIUS authentication for eDirectory users by configuring them with the iManager plug-in for RADIUS. For more information, see Section 5.1.1, Configuring iManager Plug-In for RADIUS.
Install Novell Radius LDAP Extensions for token-based authentication. For more information, see Step 3.