Hi I'm currently setting up a radius server to authenticate EAP based requests against Active Directory.
Using Alan Dekok's guide I've got this authenticating mschap based EAP requests successfully. I also want to authenticate ttls/pap requests and I've found two ways to do this that seem to work. Method 1 is based on whats in http://freeradius.1045715.n5.nabble.com/EAP-TTLS-w-PAP-using-ntlm-auth-td2773260.html Method 2 is to use LDAP for pap authentications. All things being equal my preference is to use Method 1 as it keeps all authentications the same, however the: if (!control:Auth-Type) { update control { Auth-Type = ntlm_auth_pap } } In the inner-tunnel/authorize section seems a bit like a hack. Is there a better way to do this ? Is either method particularly better than the other ? Regards Mike Axford -- Mike Axford Enterprise Systems iSolutions University of Southampton Southampton SO17 1BJ Email: [email protected] Phone: 023 8059 5337 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
