I highly recommend Freeradius.org. But if Linux is not your thing, I think IDengines might be able to pull this off.

On Wed, Jul 23, 2008 at 10:27 AM, Jeroen van Ingen <[EMAIL PROTECTED]> wrote:

> You could try a different Radius server... we use Radiator
> (http://www.open.com.au/radiator/) but e.g. FreeRADIUS
> (http://freeradius.org/) is also a good choice. Both support a wide
> variety of EAP methods, including PEAP and EAP-TTLS. Actually, we
> support both on our wireless network (but prefer EAP-TTLS). Our Radius
> servers authenticate clients using PEAP against an LDAP server and
> clients using EAP-TTLS against a UNIX password file, but EAP-TTLS is
> also possible against LDAP.
>
> Also worth browsing: www.eduroam.org. Even if your institution does not
> join the eduroam federation, the cookbook on the site contains useful
> information about Radius setups.
>
>
> Best regards,
>
> Jeroen van Ingen
> ICT Service Centre
> University of Twente, P.O.Box 217, 7500 AE Enschede, The Netherlands
>
>
> ----Original Message----
> From: The EDUCAUSE Wireless Issues Constituent Group Listserv
> [mailto:[EMAIL PROTECTED] On Behalf Of John York
> Sent: Wednesday, 23 July 2008 15:56
> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> Subject: Re: [WIRELESS-LAN] PEAP/MS-CHAPv2 and LDAP problems
>
> > That's pretty much what I've run into. Do you know of something else
> > I could use in place of ACS to query ldap? We're part of the
> > Virginia Community College System, and they own the student database
> > and only provide ldap, so I'm stuck there. If we don't install stuff
> > on the student machines (SecureW2) and don't build a PKI for the
> > students we're stuck with PEAP-MSCHAPv2--there's a collision in the
> > middle at the ACS.
> >
> > I'm going to try SecureW2 with TTLS. It says it supports PAP, and
> > the ACS PEAP-GTC says it supports PAP, maybe I'll get lucky. That
> > still means installing SecureW2, tho.
> >
> > Thanks
> > John
> >
> > -----Original Message-----
> > From: The EDUCAUSE Wireless Issues Constituent Group Listserv
> > [mailto:[EMAIL PROTECTED] On Behalf Of Case,
> > Brandon J
> > Sent: Wednesday, July 23, 2008 8:42 AM
> > To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> > Subject: Re: [WIRELESS-LAN] PEAP/MS-CHAPv2 and LDAP problems
> >
> > If you're using ACS with an external LDAP database then you're
> > limited to EAP-FAST, PEAP-GTC, or EAP-TLS according to the ACS
> > documentation. We did run into a similar problem but decided to
> > access the user database via RADIUS instead (we have a proprietary,
> > home-grown system which is accessible via RADIUS or LDAP), and ACS
> > does allow the use of
> > PEAP-MSCHAPv2 in that setup. If you're set on using ACS then your
> > options are configuring the external user database as a LEAP Proxy
> > RADIUS Server or having all the accounts locally on the ACS box.
> >
> > Reference information here: http://tinyurl.com/5umk8l
>
> **********
> Participation and subscription information for this EDUCAUSE Constituent
> Group discussion list can be found at http://www.educause.edu/groups/.
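
Added illustration, not part of the thread and not any participant's configuration: a sketch of EAP-TTLS with inner PAP verified by an LDAP bind, the combination the quoted reply says is possible. It assumes the FreeRADIUS 3.x file layout; the host name, DNs and certificate paths are placeholders.

```conf
# mods-enabled/eap (excerpt): outer EAP-TTLS tunnel
eap {
    default_eap_type = ttls
    tls-config tls-common {
        # Placeholder paths. The supplicant must validate this certificate,
        # because inner PAP sends the cleartext password through the tunnel.
        private_key_file = ${certdir}/server.key
        certificate_file = ${certdir}/server.pem
    }
    ttls {
        tls = tls-common
        virtual_server = "inner-tunnel"
    }
}

# sites-enabled/inner-tunnel (excerpt): checks the tunneled credentials
server inner-tunnel {
    authorize {
        ldap
        # Inner PAP delivers User-Password, so a bind as the user can verify it.
        if ((ok || updated) && &User-Password) {
            update control {
                &Auth-Type := ldap
            }
        }
    }
    authenticate {
        # No mschap entry: a bind cannot check an MS-CHAPv2 response; that
        # needs the NT hash or cleartext password readable from the directory.
        Auth-Type ldap {
            ldap
        }
    }
}

# mods-enabled/ldap (excerpt): placeholder host and DNs
ldap {
    server = 'ldap.example.edu'
    base_dn = 'ou=people,dc=example,dc=edu'
    user {
        base_dn = "${..base_dn}"
        filter = "(uid=%{%{Stripped-User-Name}:-%{User-Name}})"
    }
    tls {
        # Protect the RADIUS-to-LDAP leg, which carries the same password.
        start_tls = yes
        require_cert = 'demand'
    }
}
```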