On Wed, Nov 16, 2011 at 12:57 PM, Angelica Delgado <[email protected]> wrote:
> We configured ldap module to connect to our Active Directory as a ldap
> server. This is currently working. Do we need to change this configuration
> in order to start using eap-ttls?

err ... no, but unless you use ntlm_auth you would've needed to do ldap bind, which means you can't use MSCHAP. If you can tolerate that then it should be no problem.

> We read on the ldap module that it does
> not support eap. Is this true?
>

Where did you read that? I used eap-peap-gtc with a lotus domino ldap server, and it works just fine. I can NOT use it for eap-peap-mschapv2 though (due to the ldap bind requirement).

You CAN use eap-peap-MSCHAPv2 with AD, but only if you also use ntlm_auth (see the links I sent earlier).

--
Fajar

