Alan,

my test pc only supports PEAP over wireless and setup has to be wireless.

Removing "ldap" from the "authenticate" section causes an EAP error,
so I guess there is more configuration than simply removing /
commenting that section out.

I dont know how to not bind as a user when using FR + LDAP, no
document I have seen so far seems to cover it.

What encryption do you use for the ldap password in radius.conf ? so
that anonymous searches are not needed.

On 4/24/07, Jacob Jarick <[EMAIL PROTECTED]> wrote:
> So the big question is, what Auth-Type do I use ?
>
> If LDAP is not permitted (still confuses me as I only need / want
> radius to authenticate against LDAP) what Auth-Type do I set in the
> users file so that Wireless users can authenticate using their ADS
> username and passwords.
>
> On 4/23/07, Jacob Jarick <[EMAIL PROTECTED]> wrote:
> > Forgive the newbie questions but I think its best to clear up confusion.
> >
> > client -> cisco -> FR server = eap
> >
> > FR -> ADS 2003 = pap
> >
> > Is that correct or am I way off track.
> >
> > On 4/23/07, Alan DeKok <[EMAIL PROTECTED]> wrote:
> > > Jacob Jarick wrote:
> > > > Thanks again Alan,
> > > > For reference the oriellys LDAP book instructs you to set "Auth-Type
> > > > := LDAP" so thats where I got the bad reference (perhaps other people
> > > > to).
> > >
> > >   Yes.  There is a LOT of documentation (web pages, etc.) that say to do
> > > the wrong thing.  It's unfortunate that the people writing those don't
> > > read the FreeRADIUS docs first, and don't ask us to review their
> > > configuration.
> > >
> > > > Now lets see if I understood the tables correctly.
> > > >
> > > > PAP is the only method that will support LDAP bind as user ?
> > >
> > >   It's the other way around.  LDAP "bind as user" only works with PAP.
> > >
> > > > When Using PAP -> LDAP will I still have to map userPassword to 
> > > > User-Password ?
> > >
> > >   No.
> > >
> > >   I've added some more code that will go into 1.1.7 && 2.0.  If the LDAP
> > > module succeeds in retrieving a password from LDAP, it does NOT set
> > > Auth-Type to LDAP.
> > >
> > > > Will there be extra configuration required on free radius to make use
> > > > of pap -> ADS ldap or will it work automatically because ldap is
> > > > configured in the modules {} section.
> > >
> > >   I would ask what other authentication protocols you need to support
> > > before suggesting to set Auth-Type to LDAP.
> > >
> > > > Wont using PAP mean plain text password from client -> cisco wap ->
> > > > radius -> ADS server ?
> > >
> > >   No.  802.1x uses EAP, which is NOT PAP, and which is NOT compatible
> > > with Auth-Type = LDAP.
> > >
> > >   Alan DeKok.
> > > --
> > >   http://deployingradius.com       - The web site of the book
> > >   http://deployingradius.com/blog/ - The blog
> > > -
> > > List info/subscribe/unsubscribe? See 
> > > http://www.freeradius.org/list/users.html
> > >
> >
>
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Reply via email to