Thanks for your reply, and your time, Alan. Apparently these APs do care, has been tested and is stated in Skypilot documentation. i have moved on.
I jumped the gun with my post to the board out of frustration- restarting winbind on the server, a last minute flail of desperation, magically made the setup work as it should have. This machine runs a squid proxy as well as freeradius, and my suspicion is that there is some winbind contention in play here. Of course, the EAP.conf notes re: samba bugs and the freeradius FAQ dont address this issue as it is outside of the scope of those docs. As you are fond of saying, "the defaults work". Nolan >>> On 8/17/2010 at 11:48 PM, in message <[email protected]>, Alan DeKok <[email protected]> wrote: > Nolan King wrote: >> Due to some Skypilot APs that do not support EAP-TLS > > Huh? Access points don't care about the EAP method. > >> (requiring client certs) i am working on getting tunneled peap happening, > authenticating against AD. After following the excellent READMEs and other > instructional material at deployingradius and freeradius.org >> I have a successful configuration that access-accept's with EAP-TLS as well >> as > cleartext passwords. My homegrown certs work well with my AP (a cisco 1130AG > for testing) and EAP-TLS, but i cannot get an access-accept with tunneled > peap. > A bad password will return access-reject, pap logins work, but a good AD > login > gets stuck at an access-challenge. > > Read the FAQ, and "eap.conf". > > This specific issue is addressed. > > Alan DeKok. > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
