"Christopher Price" <[EMAIL PROTECTED]> wrote:
> I tried starting from scratch with the default configuration files. Just
> for giggles I put a dummy user in the users file and commented out any
> reference to ldap in the authorize and authentication sections of
> radiusd.conf. The 802.1X worked fine in this manner.
Yup.
> Now that I am back to almost the default state, what additional
> parameters are required to make the LDAP piece work?
Configure the ldap{} subsection in modules{}.
Uncomment ldap in authorize{}
Delete the dummy user from the "users" file.
Use "radtest" to do PAP authentication for a dummy user in the LDAP
database.
Use something else to do MS-CHAP authentication for a dummy user in
the LDAP database. For testing, you may want to put a clear-text
password in LDAP.
If you don't want to permanently have clear-text passwords in LDAP,
try adding an 'ntPassword' or 'sambaNtPassword' to LDAP for the dummy
user, and deleting the clear-text password from LDAP.
Try PAP && MS-CHAP again.
If MS-CHAP works, then PEAP should work.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
