Thank you for your response. We tested EAP-TTLS with Enterasys switches, with the Odyssey client as supplicant and the FUNK Steel-Belted Radius server. It works. So the Enterasys switches support EAP-TTLS.

But we can't buy Odyssey at this point, so we had to enable EAP-TTLS on the Windows XP client with SecureW2. But SecureW2 didn't work with the FUNK Steel-Belted Radius server (I am not sure). I found that SecureW2 works with FreeRADIUS. That is what we are trying to do. The LDAP server on eDirectory only supports PAP. That is why we have to use EAP-TTLS - PAP.

Note: I also cannot do EAP-MD5 authentication with the FreeRADIUS server.

Thanks,
Taylan

>>> [EMAIL PROTECTED] 3/10/2005 2:36:53 AM >>>
TAYLAN KIRAN wrote:
> We are trying to authenticate our XP users with EAP-TTLS. We enabled
> EAP-TTLS support with the SecureW2 product. Our users are on eDirectory
> via LDAP. We have Enterasys switches.
> When the switches authenticate users, they should receive the following
> string to set the port policy:
>
>     Filter-Id = "Enterasys:version=1:mgmt=su:Policy=cit"
>
> This string is stored in the Filter-Id field on eDirectory. When a user
> authenticates, the LDAP server should return the value of this field and
> the FreeRADIUS server should send this string to the switch.
>
> What should we do? I searched the whole mailing list but I can't find any
> information that is valuable for us.
> At this point I have two questions. How can we return the required field
> from eDirectory by using LDAP?
> The second one is about the certificate.
>

From what I know, Enterasys supports EAP-MD5 only on their switches. I have it working with OpenLDAP by adding the following radiusFilterId attribute, i.e.

    radiusFilterId: "Enterasys:version=1:policy=Enterprise User"

In ldap.attrmap you need to have something like

    Filter-Id radiusFilterId

I wrote a HOWTO on how I did it.

http://vuksan.com/linux/dot1x/802-1x-LDAP.html

Vladimir

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html