It might be best to handle this through the freeradius list serve. They can be quite helpful in debugging authentication and authorization issues.
You can send a debug trace to the list and they'll give you a hand. http://www.freeradius.org/list/users.html There's a link to the archives on the page. -----Original Message----- From: Emily Harris [mailto:[EMAIL PROTECTED] Sent: Friday, July 06, 2007 8:43 AM To: [email protected] Subject: [WIRELESS-LAN] 802.1x without AD or LDAP? Thanks for all the replies - I'll try to answer just in summary: 1. freeRADIUS - check; used it last year when using webauth. We made it default auth-type = accept and kick off a script, which then returned a 1 or 0; worked swimmingly 2. Supplicant - got that, using securew2, works great when using local user/password combo in RADIUS users file 3. EAP Type - check; we are indeed using just EAP-TTLS and PAP in our testing. 4. /etc/shadow is standard MD5 crypt So it seems like we are already doing all the right things. Clearly we are missing something, because it just doesn't work. Again, we are testing now with local passwd/shadow on the RADIUS server itself, to cut out any and all complexities of the script. I'm still curious if anyone has actually gotten it to work - I feel like we're missing something very, very simple. -- Emily Harris, BC '95 Associate Director, Network & Systems Barnard College, MINS Department 3009 Broadway, New York, NY 212-854-8795 ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
