Hi,

I'm a newbie to all of this, so please bear with me.  This list is all I've got!

We are introducing a wireless infrastructure on our campus (a little late in the 
game).  
Right now we're in testing phase.  In this testing phase, We are using several 3com 
7250 AP's, some 3com cards capable of 802.1x, and Novell eDirectory (LDAP).  My 
requirement is to enable 802.1x authentication to the AP's using EAP/TLS.  
Additionally, I need to be able to authenticate the users to Novell via LDAP.  All via 
the FreeRADIUS server.

I have configured freeradius version 0.9.3 to work successfully with only ldap 
authentication against Novell eDirectory.  I have also verified that 802.1x 
authentication is working with the AP. However, if I attempt to somehow enable both 
authentication mechanisms, I fail.  The logs keep passing the EAP username 
(common name from cert) to ldap and of course ldap spits it out because the object 
does not exist.

Again, I'm new to this, and maybe I have made incorrect assumptions of what the 
end result should be.  Maybe this isn't even possible, but here's what I had hoped to 
come away with:  the wireless user boots their laptop, then gets authenticated via 
eap/tls.  They then open a browser, and are asked for username and password (via 
dialog box?), or either redirected to a login page.  The username and password are 
then passed to ldap for authentication.  Successful authentication results in the 
client 
being given internet access.  Is this possible?  Or, am I totally misunderstanding how 
this is all supposed to work (very likely)?

I must admit, I'm not very comfortable when working with the config files.  Not too 
sure what I'm doing in there.  I tackled this whole project somewhat blindly, with the 
help of various bits of info I gathered from google searches.  I do need to obtain a 
good book on this stuff...that's obvious...but I am hoping that someone on this list 
has experience with getting freeradius to work with eap/tls and novell ldap 
authentication and is willing to share that experience and wisdom.

(Embarrassed) Sorry again for the newbie-ness of this post, and thanks in advance 
for any help!

mack

-- 
This message has been scanned for viruses and
dangerous content by the CSU Email Gateway, and is
believed to be clean.


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Reply via email to