Thanks very much everyone, especially Phil, Alan and the rest who
helped me but whom I can't recall just now. I have finally got it going
(properly this time too).
Here is a quick outline of my setup; I may write a detailed howto later on.
Windows XP home client -> cisco wap -> freeradius on Fedora -> Windows 2003 ADS
I used EAP-TTLS as the encryption / tunneling.
Used certs (needed for TTLS) that came with rpm.
Used PAP inside of EAP-TTLS (sends plain text password which LDAP expects)
* Add 1 user with password for LDAP searching (can't remember if user
needs special permission to search LDAP).
* Fortunately not much config is needed on the server, enabling
anonymous LDAP searching is very handy when figuring out a new domain
and its users.
WINDOWS XP CLIENTS:
I recommend using SecureW2 on XP clients as it allows you to use PAP
inside of EAP.
Configure clients with these options:
My windows client details:
Network Authentication: Open
Data Encryption: WEP
the key is provided for me automatically: (ticked)
EAP type: SecureW2
Authenticate as a computer: (unticked)
Authenticate as a guest: (unticked)
SecureW2 config details:
use alternate outer identity: (unticked)
verify server cert: (unticked)
Select Authentication Method: PAP
Prompt user for credentials: (ticked)
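
Added example (not part of the original post, and not SecureW2 or FreeRADIUS code): a Python encoding of the inner message an EAP-TTLS/PAP client sends, following the AVP layout in RFC 5281. It shows that the password sits in clear inside the tunnel, so the TLS session to the RADIUS server is its only protection; the user name and password below are constructed sample values.

```python
import struct

# AVP codes and flag bits used inside the EAP-TTLS tunnel (RFC 5281).
USER_NAME, USER_PASSWORD = 1, 2
FLAG_VENDOR, FLAG_MANDATORY = 0x80, 0x40


def encode_avp(code, data):
    """AVP = code(4) | flags(1) | length(3) | data, zero-padded to 4 octets."""
    length = 8 + len(data)  # header plus data; trailing padding is not counted
    header = struct.pack("!IB", code, FLAG_MANDATORY) + length.to_bytes(3, "big")
    return header + data + b"\x00" * (-length % 4)


def ttls_pap_payload(username, password):
    """Inner message a TTLS/PAP client sends once the TLS tunnel is up."""
    pw = password.encode()
    pw += b"\x00" * (-len(pw) % 16)  # null-pad to a multiple of 16 octets
    return encode_avp(USER_NAME, username.encode()) + encode_avp(USER_PASSWORD, pw)


def decode_avps(payload):
    """What the RADIUS server holds after TLS decryption, as {code: data}."""
    avps, offset = {}, 0
    while offset < len(payload):
        if len(payload) - offset < 8:
            raise ValueError("truncated AVP header")
        code, flags = struct.unpack_from("!IB", payload, offset)
        length = int.from_bytes(payload[offset + 5:offset + 8], "big")
        header = 12 if flags & FLAG_VENDOR else 8  # Vendor-ID adds 4 octets
        if length < header or offset + length > len(payload):
            raise ValueError("bad AVP length")
        avps[code] = payload[offset + header:offset + length]
        offset += length + (-length % 4)  # skip padding to the next boundary
    return avps


if __name__ == "__main__":
    # Constructed sample credentials, not taken from the post.
    inner = ttls_pap_payload("alice", "s3cret")
    print(inner.hex())
    seen = decode_avps(inner)
    print(seen[USER_NAME], seen[USER_PASSWORD].rstrip(b"\x00"))
```

The server strips the null padding and hands the recovered password to its LDAP bind, which is why PAP is the inner method that works against a directory expecting a plain text password.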