So the big question is, what Auth-Type do I use ? If LDAP is not permitted (still confuses me as I only need / want radius to authenticate against LDAP) what Auth-Type do I set in the users file so that Wireless users can authenticate using their ADS username and passwords.
On 4/23/07, Jacob Jarick <[EMAIL PROTECTED]> wrote: > Forgive the newbie questions but I think its best to clear up confusion. > > client -> cisco -> FR server = eap > > FR -> ADS 2003 = pap > > Is that correct or am I way off track. > > On 4/23/07, Alan DeKok <[EMAIL PROTECTED]> wrote: > > Jacob Jarick wrote: > > > Thanks again Alan, > > > For reference the oriellys LDAP book instructs you to set "Auth-Type > > > := LDAP" so thats where I got the bad reference (perhaps other people > > > to). > > > > Yes. There is a LOT of documentation (web pages, etc.) that say to do > > the wrong thing. It's unfortunate that the people writing those don't > > read the FreeRADIUS docs first, and don't ask us to review their > > configuration. > > > > > Now lets see if I understood the tables correctly. > > > > > > PAP is the only method that will support LDAP bind as user ? > > > > It's the other way around. LDAP "bind as user" only works with PAP. > > > > > When Using PAP -> LDAP will I still have to map userPassword to > > > User-Password ? > > > > No. > > > > I've added some more code that will go into 1.1.7 && 2.0. If the LDAP > > module succeeds in retrieving a password from LDAP, it does NOT set > > Auth-Type to LDAP. > > > > > Will there be extra configuration required on free radius to make use > > > of pap -> ADS ldap or will it work automatically because ldap is > > > configured in the modules {} section. > > > > I would ask what other authentication protocols you need to support > > before suggesting to set Auth-Type to LDAP. > > > > > Wont using PAP mean plain text password from client -> cisco wap -> > > > radius -> ADS server ? > > > > No. 802.1x uses EAP, which is NOT PAP, and which is NOT compatible > > with Auth-Type = LDAP. > > > > Alan DeKok. > > -- > > http://deployingradius.com - The web site of the book > > http://deployingradius.com/blog/ - The blog > > - > > List info/subscribe/unsubscribe? See > > http://www.freeradius.org/list/users.html > > > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html