Hmmm, I believe that is what I have done. I have radius running for ldap auth already, ie: I telnet to my routers and switches using it, so I know that side works. We just got this AP1100 and I am looking to incorporate that into the mix.
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alan DeKok Sent: Friday, April 23, 2004 3:28 PM To: [EMAIL PROTECTED] Subject: Re: Cisco 1100 AP and XP Client using tls (PEAP) "Clayton Dukes" <[EMAIL PROTECTED]> wrote: > Well, I want that -- can I not use LDAP to authenticate the users? No. The packet contains an EAP message, and LDAP doesn't understand EAP. You have to use LDAP to retrieve the password, and then the EAP module will use that password to authenticate the user. Again, the server is designed to do almost all of this automatically from the default configuration. Look in the latest CVS snapshot. Un-comment the "ldap" lines in radiusd.conf, configure "ldap", change AS LITTLE AS POSSIBLE in "radiusd.conf". EAP authentication will then work, with passwords coming from LDAP. In other words, if you're not sure how it works, don't force it to do something. It will figure out the right thing on it's own. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html !DSPAM:40896b47212111231715645! - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
