RE: Cisco 1100 AP and XP Client using tls (PEAP)

Fri, 23 Apr 2004 14:17:38 -0700 

Sorry, I must have misunderstood. Forgive me...If I turn off LDAP in the
authenticate section, won't that mess up my being able to to telnet to my
routers using ldap authentication?



Here's my config:

        #  For all EAP related authentications 
        eap {
                default_eap_type = tls
                ## EAP-TLS is highly experimental EAP-Type at the moment.  
                #       Please give feedback on the mailing list.
                tls {
                        private_key_password = h0l3blk
                        private_key_file = /etc/raddb/1x/enoc.pem
                        certificate_file = /etc/raddb/1x/enoc.pem
                        #  Trusted Root CA list
                        CA_file = /etc/raddb/1x/root.pem
                        dh_file = /etc/raddb/1x/dh
                        random_file = /etc/raddb/1x/random
                                fragment_size = 1024
                                include_length = yes
                }
        }

        # Microsoft CHAP authentication
        #
        #  This module supports MS-CHAP and MS-CHAPv2 authentication.
        #  It also enforces the SMB-Account-Ctrl attribute.
        #
        mschap {
                authtype = MS-CHAP

                # if use_mppe is not set to no mschap will
                # add MS-CHAP-MPPE-Keys for MS-CHAPv1 and
                # MS-MPPE-Recv-Key/MS-MPPE-Send-Key for MS-CHAPv2
                #       use_mppe = no

        }               
                        
        ldap {          
                server = "enoc.esnet.com"
                basedn = "ou=users,dc=esnet,dc=com"
                filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
                start_tls = no  
                access_attr = "dialupAccess"
                dictionary_mapping = ${raddbdir}/ldap.attrmap
        
                ldap_connections_number = 5
        }       
authenticate {
      unix

        # Uncomment it if you want to use ldap for authentication
        Auth-Type LDAP {
                ldap
        }
        eap
}
post-proxy {
       eap
}
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Alan DeKok
Sent: Friday, April 23, 2004 3:42 PM
To: [EMAIL PROTECTED]
Subject: Re: Cisco 1100 AP and XP Client using tls (PEAP) 

"Clayton Dukes" <[EMAIL PROTECTED]> wrote:
> Hmmm, I believe that is what I have done.

  <shrug> Nothing in the default configuration of the server sets Auth-Type
to LDAP.  So you must have edited something to set it in your local system.

  a) find out what you edited
  b) look at the debug trace to see what's matched, where,
     and see if those things set Auth-Type to LDAP.

  Alan DeKok.

-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html


!DSPAM:40896e62219764977115664!



- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Reply via email to