Thanks again Alan, For reference the oriellys LDAP book instructs you to set "Auth-Type := LDAP" so thats where I got the bad reference (perhaps other people to).
Now lets see if I understood the tables correctly. PAP is the only method that will support LDAP bind as user ? I should comment out " Auth-Type LDAP { ldap } " And as always some follow up questions: When Using PAP -> LDAP will I still have to map userPassword to User-Password ? Will there be extra configuration required on free radius to make use of pap -> ADS ldap or will it work automatically because ldap is configured in the modules {} section. Wont using PAP mean plain text password from client -> cisco wap -> radius -> ADS server ? On 4/23/07, Alan DeKok <[EMAIL PROTECTED]> wrote: > Jacob Jarick wrote: > > My problem is the ldap password retrieved from the windows client is > > not being sent to the ldap server. > > The problem is that you have configured "Auth-Type := LDAP", and then > sent the server an 802.1x authentication request. Do NOT set Auth-Type = > LDAP. This is repeated all over the place in the configuration files, > the documentation, and on this list. > > In fact, just delete "ldap" from the "authenticate" section. If you > can get PAP working with that setup, then 802.1x && EAP should work, too. > > Make sure that FreeRADIUS is retrieving the password from LDAP. If > you have FreeRADIUS doing "bind as user" to LDAP, then it is NOT > retrieving the password from LDAP. > > See: http://deployingradius.com/documents/protocols/ > > And the two other web pages linked to from that page. > > > The weird thing is It was working fine friday. > > Because you were doing PAP authentication. > > I'm half inclined to remove "ldap bind as user" from the server > entirely. It confuses too many people, and causes too many problems. > > Alan DeKok. > -- > http://deployingradius.com - The web site of the book > http://deployingradius.com/blog/ - The blog > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html