Zimbra offers Open Source email server software and shared calendar for Linux and the Mac
Go Back   Zimbra :: Forums > Zimbra Collaboration Suite > Administrators
Reload this Page RADIUS on Zimbra with MS-CHAPv2

Welcome to the Zimbra :: Forums!
Welcome, if you would like to post a comment please register. We also encourage you to explore all things Zimbra with our team and members of the community.

Reply
 
LinkBack Thread Tools Search this Thread Display Modes
  #1 (permalink)  
Old 08-09-2010, 10:24 AM
Senior Member
  
Posts: 71
Default RADIUS on Zimbra with MS-CHAPv2
Dear all,

I need to setup RADIUS based on the Zimbra LDAP for WiFi authentication. I currently have an setup where clients (Mac OS X) using TTLS-EAP can authenticate well against the LDAP based SSHA userPassword.

Still I have clients (iPhone & iPad) which only provide the MS-CHAPv2 protocol - which does not provide a cleartext user-password. As the NT-Password instead will be created by the RADIUS pap module based on the LDAP plain text password to be being compared against the MS-CHAP password provided, this would still work fine...

As long as Zimbra could provide a plain text password from its LDAP...

Can somebody help if there is a solution available I did not try yet?
Reply With Quote
  #2 (permalink)  
Old 06-13-2011, 11:25 AM
Starter Member
  
Posts: 2
Default does somebody have any success with it?
Hello.

I've run into the same issue trying to configure RADIUS auth against ZIMBRA LDAP using mschap-v2.
Does somebody have any success with it?

The only solution as I see is to install samba extension for zimbra. It should change LDAP schema. But I have no idea how it will change current production setup with list of users.

Can you point me to description of the solution ?
Reply With Quote
  #3 (permalink)  
Old 06-13-2011, 12:41 PM
Senior Member
  
Posts: 71
Default
qwartyr,

I once tried the samba plugin but gave up at the very beginning when I noticed it is not very handy to manage. I finally purchased a W2008 Server to host my domain users and do the authentication behind. Thus allows to run any authentication protocol even for group based multi SSID authentication... much easier During my evaluation I also tried OS X Server which was not an option for me as you would need a server for each group (Mac OS X would do the job if you could combine SSID name based rules with the OS X directory plugin).
Having the OS X schema implemented into MS AD, I have to admit it works like a charm - although I would have preferred to run a pure Linux environment...

Hope that helps you finding the right solution!
Reply With Quote
  #4 (permalink)  
Old 06-13-2011, 01:46 PM
Starter Member
  
Posts: 2
Default
Unfortunately, MS AD is not an option.
Client uses Zimbra as central point for everything, and want to add functionality to be able to auth users from his wireless controller.
Reply With Quote
Reply

« Previous Thread | Today's Posts or Week's Posts | Next Thread »

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes
Linear Mode Linear Mode


Similar Threads

Product Information

Why Join?

Registering let's you ask questions, makes it easier to search, displays any files attached to posts, and notifies you about replies.

blog.zimbra.com


Home - Blog - Contact Us - Archive - Top


 

SEO by vBSEO ©2011, Crawlability, Inc.