Tim Tyler wrote:
> Freeradius experts,
> We just installed freeradius 2.05 on a Centos 5 system. We got PEAP
> working rather quickly against our ldap server against LM/NT passwords.
> We would also like to allow clients using Securew2 supplicants
> configured for TTLS -PAP connections against (crypt and SSHA) passwords
> stored in our ldap database.

That shouldn't be hard.

> I presume we need to do an ldap bind?

I would suggest not. LDAP bind is a hack. LDAP is a *database*. Use it as a *database*.

> How do I configure TTLS-pap
> requests to do an ldap bind for authorization/authentication without
> breaking PEAP in 2.05? Which 2.05 config file(s) will handle this
> directly?

Configure the LDAP module to pull the passwords from LDAP, and add them into the request. This is, in fact, in the default config.

> Note:
> In the old 1.x configs, I used to use the following authorize and
> authentication configs shown below to allow secureW2 users configured
> with TTLS-pap to work:
...

In 2.0, the virtual servers make your life easier. A LOT easier. See raddb/inner-tunnel, and references to "inner-tunnel" in raddb/eap.conf. There's even a sample config for testing the inner tunnel portion without doing EAP...

Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

