Gary, I had scanned them prior to posting, but there seem to be no solutions to all of the problems people have with this configuration. My impression is that most of the "gurus" on the list are assuming WAY too much of some of us newbies. They keep coming back with the same replies, like "read the faqs, readme, rfc, etc., etc." But, that begs the question: If that's going to be the reply each time, then why even bother with the list in the first place? Oh, well. I am definitely taking a more indepth look at the archives, though, as you've suggested. If nothing else, maybe that will help me form better questions. Thanks for the help!
mack On 19 Jun 2004 at 6:34, Gary McKinney wrote: > Mack, > > Check the email archives over the last three months - there is a great > deal of information on using EAP/TLS and how to use LDAP with > freeradius (including example snippets). > > gm... > ----- Original Message ----- > From: "Mack" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Friday, June 18, 2004 11:52 PM > Subject: radius, 802.1x, eap/tls, and edirectory (ldap) > > > > Hi, > > > > I'm a newbie to all of this, so please bear with me. This list is > > all > I've got! > > > > We are introducing a wireless infrastructure on our campus (a little > > late > in the game). > > Right now we're in testing phase. In this testing phase, We are > > using > several 3com > > 7250 AP's, some 3com cards capable of 802.1x, and Novell eDirectory > (LDAP). My > > requirement is to enable 802.1x authentication to the AP's using > > EAP/TLS. Additionally, I need to be able to authenticate the users > > to Novell via > LDAP. All via > > the FreeRADIUS server. > > > > I have configured freeradius version 0.9.3 to work successfully with > > only > ldap > > authentication against Novell eDirectory. I have also verified that > 802.1x > > authentication is working with the AP. However, if I attempt to > > somehow > enable both > > authentication mechanisms, I fail. The logs keep passing the EAP > > username (common name from cert) to ldap and of course ldap spits it > > out because > the object > > does not exist. > > > > Again, I'm new to this, and maybe I have made incorrect assumptions > > of > what the > > end result should be. Maybe this isn't even possible, but here's > > what I > had hoped to > > come away with: the wireless user boots their laptop, then gets > authenticated via > > eap/tls. They then open a browser, and are asked for username and > password (via > > dialog box?), or either redirected to a login page. The username > > and > password are > > then passed to ldap for authentication. Successful authentication > > results > in the client > > being given internet access. Is this possible? Or, am I totally > misunderstanding how > > this is all supposed to work (very likely)? > > > > I must admit, I'm not very comfortable when working with the config > > files. > Not too > > sure what I'm doing in there. I tackled this whole project somewhat > blindly, with the > > help of various bits of info I gathered from google searches. I do > > need > to obtain a > > good book on this stuff...that's obvious...but I am hoping that > > someone on > this list > > has experience with getting freeradius to work with eap/tls and > > novell > ldap > > authentication and is willing to share that experience and wisdom. > > > > (Embarrassed) Sorry again for the newbie-ness of this post, and > > thanks in > advance > > for any help! > > > > mack > > > > -- > > This message has been scanned for viruses and > > dangerous content by the CSU Email Gateway, and is > > believed to be clean. > > > > > > - > > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > > > > --- > [This E-mail scanned for viruses by Declude Ant-Virus Scanner] > > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > > -- > This message has been scanned for viruses and > dangerous content by the CSU Email Gateway, and is > believed to be clean. > -- This message has been scanned for viruses and dangerous content by the CSU Email Gateway, and is believed to be clean. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
