> -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:freeradius-users- > [EMAIL PROTECTED] On Behalf Of Ivan Kalik > Sent: Thursday, June 12, 2008 12:20 PM > To: FreeRadius users mailing list > Subject: RE: FreeRadius/eDirectory/802.1X authentication issue > > >Dumb question perhaps, but without configuring LDAP, how does EAP-TLS > >know where to send authentication requests? > > > > EAP-TLS is certificate based authentication. All you need in order to get > authenticated is a valid certificate. Do you mean authorization?
Ahh, your answer just made our current RADIUS configuration more understandable to me! As I may have mentioned, I inherited this setup from someone else who left the district. The way it is currently working, we do not have to install certificates on a laptop. The "Validate server certificate" option on our laptops' wireless configuration is turned off. The idea was to keep it as simple as possible for users, yet maintain some semblance of security. Apparently, the way we're doing it right now is using EAP-TLS with PEAP authentication, which is passing the user's credentials through an encrypted tunnel to the RADIUS server, which is in turn passing the credentials through to eDirectory via LDAP. At least, I *think* I'm explaining that correctly. :) I'd like to maintain that setup with FreeRADIUS 2.0.5, but I'm still having a hard time following the configuration and authentication path with the current 1.1.0 setup. Thanks! Bryce Newall Systems Administrator Poway Unified School District (858) 679-2576 [EMAIL PROTECTED] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html