Mike Richardson wrote:
> The suggestions made so far have been to uncomment this authenticate entry.
> Once working should I be looking at commenting it out again and getting EAP
> to work without the above bind?

No. If you're using TTLS + PAP, it's fine. For PEAP, it's impossible...

> Ah, after another google search I've found another Novell article on
> freeradius:
>
> https://secure-support.novell.com/KanisaPlatform/Publishing/558/3009668_f.SAL_Public.html
>
> which suggests using 'tls_mode=yes' and the port as 636. I've tried it and
> it works - I can authenticate! However this option doesn't appear in the
> radiusd.conf - is it deprecated or just not documented?

It seems that Novell has updated their documentation without telling us. Nice. See why I say it's not the fault of FreeRADIUS?

> Seems that eDirectory needs an encrypted session before it'll present the
> password in clear text. Makes sense.
>
> I've also tried it with 'start_tls=yes' and port as 389, this also seems to
> work. Which is the preferred method? Novell suggest the former but as it
> isn't documented...

If it works, ship it.

Alan DeKok

