Frank Smith wrote:
Thanks for all your replies. This is simply to do 802.1x
authentication. Nothing to do with wireless. This is my first whack at
radius all together. Based on what you guys are saying, it sounds like
Radius -> Pam -> Pam-LDAP -> Active Directory sounds like the way to
go. Any objections?
If you are using the standard windows XP supplicant, LDAP will not
support any of the mechanisms available. The mechs are the same as on
the wireless side and are:
1. EAP-MD5 - requires IAS and reversible passwords on the DC
2. MS-CHAP - requires samba/ntlm_auth
3. EAP-TLS - requires certificates, does not need nor can use LDAP
4. EAP-PEAP+MS-CHAP - as per 2
So LDAP will not help you. There is no EAP-PAP in XP, nor EAP-PEAP+GTC.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html