Thanks again Alan,
For reference, the O'Reilly LDAP book instructs you to set "Auth-Type
:= LDAP", so that's where I got the bad reference (perhaps other people

Now let's see if I understood the tables correctly.

PAP is the only method that will support LDAP bind as user?

I should comment out
        Auth-Type LDAP {

And as always some follow up questions:

When using PAP -> LDAP, will I still have to map userPassword to User-Password?

Will there be extra configuration required on FreeRADIUS to make use
of PAP -> ADS LDAP, or will it work automatically because ldap is
configured in the modules {} section?

Won't using PAP mean plain text password from client -> Cisco WAP ->
radius -> ADS server?

On 4/23/07, Alan DeKok <[EMAIL PROTECTED]> wrote:
> Jacob Jarick wrote:
> > My problem is the ldap password retrieved from the windows client is
> > not being sent to the ldap server.
>   The problem is that you have configured "Auth-Type := LDAP", and then
> sent the server an 802.1x authentication request. Do NOT set Auth-Type =
> LDAP.  This is repeated all over the place in the configuration files,
> the documentation, and on this list.
>   In fact, just delete "ldap" from the "authenticate" section.  If you
> can get PAP working with that setup, then 802.1x && EAP should work, too.
>   Make sure that FreeRADIUS is retrieving the password from LDAP.  If
> you have FreeRADIUS doing "bind as user" to LDAP, then it is NOT
> retrieving the password from LDAP.
>   See:
>   And the two other web pages linked to from that page.
> > The weird thing is It was working fine friday.
>   Because you were doing PAP authentication.
>   I'm half inclined to remove "ldap bind as user" from the server
> entirely.  It confuses too many people, and causes too many problems.
>   Alan DeKok.
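The distinction in the quoted reply between "bind as user" and retrieving the password, as an added example that is not part of the original thread or of FreeRADIUS: with PAP the server holds the password and can present it in a bind, while a challenge-response method delivers only a hash, so the server must read the stored password to check it. The dict standing in for the directory, the user, the password and all function names are constructed, and CHAP (RFC 1994) is used as a simple stand-in for challenge-response methods such as EAP-MD5 or MS-CHAPv2.

```python
import hashlib
import hmac
import os

# Constructed stand-in for the LDAP directory: uid -> userPassword.
DIRECTORY = {"jacob": "s3cret-example"}

def ldap_bind(user, password):
    """Model of 'bind as user': the directory answers yes/no and never
    hands the stored password to the RADIUS server."""
    stored = DIRECTORY.get(user)
    return stored is not None and hmac.compare_digest(
        stored.encode(), password.encode())

def ldap_read_password(user):
    """Model of the server retrieving userPassword during authorization."""
    return DIRECTORY.get(user)

def chap_response(ident, password, challenge):
    """RFC 1994 CHAP value: MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([ident]) + password.encode() + challenge).digest()

def auth_pap(user, cleartext, bind_as_user):
    # PAP gives the server the password itself, so either approach works.
    if bind_as_user:
        return ldap_bind(user, cleartext)
    known = ldap_read_password(user)
    return known is not None and hmac.compare_digest(
        known.encode(), cleartext.encode())

def auth_chap(user, ident, challenge, response, bind_as_user):
    # The server sees only a hash. It has no password to present in a
    # bind, so bind-as-user cannot verify the request at all.
    if bind_as_user:
        return False
    known = ldap_read_password(user)
    if known is None:
        return False
    return hmac.compare_digest(chap_response(ident, known, challenge), response)

if __name__ == "__main__":
    challenge = os.urandom(16)
    resp = chap_response(7, "s3cret-example", challenge)
    for bind in (True, False):
        print("bind_as_user =", bind,
              "| PAP:", auth_pap("jacob", "s3cret-example", bind),
              "| CHAP:", auth_chap("jacob", 7, challenge, resp, bind))
```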