RADIUS on Zimbra with MS-CHAPv2

Discuss your pilot or production implementation with other Zimbra admins or our engineers.
catnipper
Advanced member
Advanced member
Posts: 71
Joined: Fri Sep 12, 2014 11:45 pm

RADIUS on Zimbra with MS-CHAPv2

Postby catnipper » Mon Aug 09, 2010 12:24 pm

Dear all,
I need to setup RADIUS based on the Zimbra LDAP for WiFi authentication. I currently have an setup where clients (Mac OS X) using TTLS-EAP can authenticate well against the LDAP based SSHA userPassword.
Still I have clients (iPhone & iPad) which only provide the MS-CHAPv2 protocol - which does not provide a cleartext user-password. As the NT-Password instead will be created by the RADIUS pap module based on the LDAP plain text password to be being compared against the MS-CHAP password provided, this would still work fine...
As long as Zimbra could provide a plain text password from its LDAP...
Can somebody help if there is a solution available I did not try yet?


qwartyr
Posts: 2
Joined: Sat Sep 13, 2014 2:04 am

RADIUS on Zimbra with MS-CHAPv2

Postby qwartyr » Mon Jun 13, 2011 1:25 pm

Hello.
I've run into the same issue trying to configure RADIUS auth against ZIMBRA LDAP using mschap-v2.

Does somebody have any success with it?
The only solution as I see is to install samba extension for zimbra. It should change LDAP schema. But I have no idea how it will change current production setup with list of users.
Can you point me to description of the solution ?
catnipper
Advanced member
Advanced member
Posts: 71
Joined: Fri Sep 12, 2014 11:45 pm

RADIUS on Zimbra with MS-CHAPv2

Postby catnipper » Mon Jun 13, 2011 2:41 pm

qwartyr,
I once tried the samba plugin but gave up at the very beginning when I noticed it is not very handy to manage. I finally purchased a W2008 Server to host my domain users and do the authentication behind. Thus allows to run any authentication protocol even for group based multi SSID authentication... much easier :) During my evaluation I also tried OS X Server which was not an option for me as you would need a server for each group (Mac OS X would do the job if you could combine SSID name based rules with the OS X directory plugin).

Having the OS X schema implemented into MS AD, I have to admit it works like a charm - although I would have preferred to run a pure Linux environment...
Hope that helps you finding the right solution!
qwartyr
Posts: 2
Joined: Sat Sep 13, 2014 2:04 am

RADIUS on Zimbra with MS-CHAPv2

Postby qwartyr » Mon Jun 13, 2011 3:46 pm

Unfortunately, MS AD is not an option.

Client uses Zimbra as central point for everything, and want to add functionality to be able to auth users from his wireless controller.
Kolesar
Posts: 1
Joined: Sat Sep 13, 2014 3:36 am

RADIUS on Zimbra with MS-CHAPv2

Postby Kolesar » Thu Apr 10, 2014 5:22 am

O my God,
I have a same question, and same problems. I want to use Zimbra via LDAP for WiFi Authentication.
Anybody good solution for this problem?

Return to “Administrators”

Who is online

Users browsing this forum: No registered users and 13 guests