PS: We also use ntlm_auth for 802.1x. All the docs I read and the comments within the various FR files say EAP and LDAP won't work - for Authentication. Authorization should be fine.
G -----Original Message----- From: freeradius-users-bounces+ggatten=waddell....@lists.freeradius.org [mailto:freeradius-users-bounces+ggatten=waddell....@lists.freeradius.org] On Behalf Of Max Schröder Sent: Friday, February 11, 2011 2:31 PM To: FreeRadius users mailing list Subject: Re: Freeradius + LDAP for WPA-Enterprise Gary Gatten wrote: > You forced ALL Authentication requests to use LDAP. EAP / LDAP don't play > well together. Remove the "Auth Type LDAP" - for now. > If I remove that the radtest failed for a LDAP-User. It returns a rejected Message. > As for accomplishing your goal, unfortunately others will have to help you > with that - I don't know FR/LDAP/EAP well enough. But, I don't THINK you can > authenticate EAP requests against LDAP directly because of the "no clear text > password" issue. > How else would you authenticate a WPA(2)-Enterprise with Radius using LDAP-Accounts? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html <font size="1"> <div style='border:none;border-bottom:double windowtext 2.25pt;padding:0in 0in 1.0pt 0in'> </div> "This email is intended to be reviewed by only the intended recipient and may contain information that is privileged and/or confidential. If you are not the intended recipient, you are hereby notified that any review, use, dissemination, disclosure or copying of this email and its attachments, if any, is strictly prohibited. If you have received this email in error, please immediately notify the sender by return email and delete this email from your system." </font> - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
