"Christopher Price" <[EMAIL PROTECTED]> wrote: > I was told to change as little as possible in the configuration files > and PEAP/MSCHAPv2 using Microsoft's 802.1x client with and LDAP backend > DB would work fine. This is not the case and I would appreciate any > suggestions on what to modify to make this work.
OK... > The only portion of the config that I changed was the ldap module > section (to point to my ldap server) and the ldap line in the > authorize section (uncommented the single line). You have to configure the tls{} subsection of eap.conf, too. > I have included some output from the server when I attempt to > authenticate. You've edited the output. Don't do that. It makes it impossible for anyone to help you. > rad_recv: Access-Request packet from host 172.16.83.1:32830, id=20, > length=111 > User-Name = cprice > NAS-IP-Address = 172.16.80.4 > NAS-Port = 29 > NAS-Port-Type = Wireless-802.11 > Calling-Station-Id = 00904B91CCAF > Called-Station-Id = 000B86010C80 > Framed-MTU = 1300 > EAP-Message = 0x0217000b01637072696365 > Message-Authenticator = 0xa125c1b253031500294644d1f713050e > rlm_ldap: - authorize There should be a LOT more text between the "Message-Authenticator" line and the "rlm_ldap" line. If you don't understand why it doesn't work, you don't know which parts of the debug log are important, so editing it means you WILL delete the important bits, making it impossible for anyone to help you. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html