On Wed, Mar 7, 2012 at 4:57 AM, Scott McLane Gardner <sgar...@uark.edu> wrote: > > > On 3/6/12 3:55 PM, "Fajar A. Nugraha" <l...@fajar.net> wrote: > >>On Wed, Mar 7, 2012 at 4:28 AM, Scott McLane Gardner <sgar...@uark.edu> >>wrote: >>> If anyone cares, I got this working by calling a script that contained >>>the >>> following: >> >>That's odd. Did you properly setup the AD as LDAP server in >>raddb/modules/ldap (or whatever file name you use)? > > No, I didn't set it up as an LDAP server since you apparently can't use > LDAP and EAP at the same time. (Unless I'm reading the documentation > wrong.)
Yes, you can :) You CAN'T use some EAP types (e.g. EAP-PEAP-MSCHAPv2) when authenticating using LDAP bind (i.e. set Auth-Type to LDAP). You CAN use LDAP as a plain database no matter what authentication method you use (in this case you're simply using it for group check, not for authentication). -- Fajar - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html