Hello Folks,
All I can say is WOW! Too be quite honest I had given up on making
FreeRadius work with Cisco's WDS and WLSE. In my particular situation we
also had a licensed Cisco ACS 3.x (now 3.3) server however, we weren't
particularly happy about exposing it to an untrusted Wi-fi network
considering it also provides authentication services to the rest of our
network resources. That's were I saw FreeRadius as an excellent fit.
To update my original post I had gotten LEAP to work with clients
(after the fact). My problem was I fooled with trying to get WDS LEAP
functioning with a WLSE to the point that I could no longer see the "forest
for the trees". Hence I jumped to the conclusion that LEAP support was just
screwed in FreeRadius! :-( After a fresh configuration from the AP's up to
FreeRadius I had gotten LEAP to work for authenticating users.
I would like to thank everyone for their efforts, especially Richard
Timsit his diagnostic efforts and posting of the necessary patches.
FreeRadius is an excellent product that in my opinion rivals any commercial
package available today (a webmin module for a GUI might be a nice addition
;-)). Now, it's back to the R&D cycle for me to test WDS-WLSE LEAP
functionality again.
Thank You All for your help, insight, and time!
Jim
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Richard
Timsit
Sent: Tuesday, September 07, 2004 11:54 AM
To: [EMAIL PROTECTED]
Subject: Re: Is there some kind of trick to make Cisco LEAP work???
> Richard,
>
> Thanks for that input, it sounds very straightforward to me. I'll try
> your patches on Tuesday (�Monday is a holiday here). Have you brought
> this up with Cisco? If not, I will open a case next week. I'd like
> to know whether Cisco's leap/eap developers intended for the ID to not
> increment-- or whether they've made a mistake against their own
> standard.
>
Ok, nice if you open a case to Cisco. Their leap-software of WLSE is buggy,
(not the same as their access points) :-)
> I'd like to use the same freeradius server for WLSE/APs as for other
> non-LEAP clients, such as TLS/PEAP. Since your patch to rlm_eap.c
> should only kick in when reply->type.type == PW_EAP_LEAP, there
> should be no problem, wouldn't you say?
>
Ok, if you have only non-LEAP clients. But you need to path every new relese
of freeradius you need...
Bests regards.
+--------------------------------------+
| ??? |
| {O-O} Richard Timsit |
| ^_ SIC STI |
| / T \_ EPFL Lausanne |
| '` I " 1015 Ecublens,SUISSE |
| M (021) 693 22 35 |
| | | [EMAIL PROTECTED] |
| I I |
+--------------------------------------+
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
