Ah, that was it, thanks! Amazingly enough although I didn't think it was possible, i was able to get eap-ttls-pap working even with openldap users that have a ssha encrypted password by making it so pap attempts to bind as that user instead of doing a password compare. given that i'm only setting up freeradius for this purpose (famous last words), is there anything inherently wrong with this approach?
----- Original Message ----- From: "Alan DeKok" <al...@deployingradius.com> To: "FreeRadius users mailing list" <freeradius-users@lists.freeradius.org> Sent: Wednesday, May 26, 2010 11:11:50 AM GMT -05:00 US/Canada Eastern Subject: Re: another wpa/ldap issue Brian Dial wrote: > hello everyone, i have a typical wpa + radius + ldap issue. Im using > freeradius 2.1.6. i've tried to follow the 'dont edit anything but the ldap > module, it will figure it out' mantra as much as possible. i have an > openldap server and the test user i'm using has a plain text password. here > is my ldap module config > and now when i run the radtest there is no error, and it pretty much works > the same. Now I setup my cisco 1200 series ap to point to the freeradius > server and configured a laptop to try to connect via EAP-TTLS with PAP. Here > is the debug Edit raddb/sites-available/inner-tunnel, just like you edited raddb/sites-available/default. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html "RK&K" and "RK&K Engineers" are registered trade names of Rummel, Klepper & Kahl, LLP, a Maryland limited liability partnership. This message contains confidential information intended only for the person or persons named above. If you have received this message in error, please immediately notify the sender by return email and delete the message. Thank you. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
