Mack,

I was not trying to "blow you off" by making the statement of reading the
archives... I am still, what I consider, a newbie as well...

The statement about a lot of discussion on the subject you are requesting
is true so I thought you would be better served checking over those
discussions!

As for documentation - have you read the rlm-eap and rlm-ldap documentation
in the docs directory of the installation package? It (at least the version
1.0.0-pre1 and later source code) has information on what you are looking
for in terms of using eap/tls and ldap together (in the rlm-eap docs).

If you can use the pre-release code I would suggest doing so - while 0.9.3
is stable I have found the pre-release code does more [ymmv]...

gm..

----- Original Message ----- 
From: "Mack" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Sunday, June 20, 2004 10:30 PM
Subject: Re: radius, 802.1x, eap/tls, and edirectory (ldap)


> Gary,
>
> I had scanned them prior to posting, but there seem to be no solutions to
> all of the problems people have with this configuration.  My impression is
> that most of the "gurus" on the list are assuming WAY too much of some of
> us newbies.  They keep coming back with the same replies, like "read the
> faqs, readme, rfc, etc., etc."  But, that begs the question:  If that's
> going to be the reply each time, then why even bother with the list in the
> first place?  Oh, well.  I am definitely taking a more in-depth look at the
> archives, though, as you've suggested.  If nothing else, maybe that will
> help me form better questions.  Thanks for the help!
>
> mack
>
> On 19 Jun 2004 at 6:34, Gary McKinney wrote:
>
> > Mack,
> >
> > Check the email archives over the last three months - there is a great
> > deal of information on using EAP/TLS and how to use LDAP with
> > freeradius (including example snippets).
> >
> > gm...
> > ----- Original Message ----- 
> > From: "Mack" <[EMAIL PROTECTED]>
> > To: <[EMAIL PROTECTED]>
> > Sent: Friday, June 18, 2004 11:52 PM
> > Subject: radius, 802.1x, eap/tls, and edirectory (ldap)
> >
> >
> > > Hi,
> > >
> > > I'm a newbie to all of this, so please bear with me.  This list is
> > > all I've got!
> > >
> > > We are introducing a wireless infrastructure on our campus (a little
> > > late in the game).  Right now we're in testing phase.  In this testing
> > > phase, we are using several 3com 7250 AP's, some 3com cards capable of
> > > 802.1x, and Novell eDirectory (LDAP).  My requirement is to enable
> > > 802.1x authentication to the AP's using EAP/TLS.  Additionally, I need
> > > to be able to authenticate the users to Novell via LDAP.  All via the
> > > FreeRADIUS server.
> > >
> > > I have configured freeradius version 0.9.3 to work successfully with
> > > only ldap authentication against Novell eDirectory.  I have also
> > > verified that 802.1x authentication is working with the AP.  However,
> > > if I attempt to somehow enable both authentication mechanisms, I fail.
> > > The logs keep passing the EAP username (common name from cert) to ldap
> > > and of course ldap spits it out because the object does not exist.
> > >
> > > Again, I'm new to this, and maybe I have made incorrect assumptions of
> > > what the end result should be.  Maybe this isn't even possible, but
> > > here's what I had hoped to come away with:  the wireless user boots
> > > their laptop, then gets authenticated via eap/tls.  They then open a
> > > browser, and are asked for username and password (via dialog box?), or
> > > either redirected to a login page.  The username and password are then
> > > passed to ldap for authentication.  Successful authentication results
> > > in the client being given internet access.  Is this possible?  Or, am I
> > > totally misunderstanding how this is all supposed to work (very
> > > likely)?
> > >
> > > I must admit, I'm not very comfortable when working with the config
> > > files.  Not too sure what I'm doing in there.  I tackled this whole
> > > project somewhat blindly, with the help of various bits of info I
> > > gathered from google searches.  I do need to obtain a good book on this
> > > stuff...that's obvious...but I am hoping that someone on this list has
> > > experience with getting freeradius to work with eap/tls and novell ldap
> > > authentication and is willing to share that experience and wisdom.
> > >
> > > (Embarrassed) Sorry again for the newbie-ness of this post, and thanks
> > > in advance for any help!
> > >
> > > mack
> > >
> > > -- 
> > > This message has been scanned for viruses and
> > > dangerous content by the CSU Email Gateway, and is
> > > believed to be clean.
> > >
> > >
> > > -
> > > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
> > >
> >
> > ---
> > [This E-mail scanned for viruses by Declude Ant-Virus Scanner]