johnboy68 wrote: > I have ntlm_auth working. I can auth my AD users with this command: > > radtest -t mschap aduser aspassword localhost 0 testing123 > > And it works.
Good! > My problem is when I configure one of my Cisco switches to do 802.1x and > authenticate with Freeradius my Windows (Windows 7 and Vista) machines fail > to get authorized with the Windows supplicant. I am running Freeradius in > debug mode and have tried to trace down where it is failing on my own but > since I have no experience in this area I am just chasing my tail. Is it a > problem with PEAP, EAP, TLS? Do I need a certificate? I just don't know > and if I did I wouldn't know how to configure it. I have not been able to > find any conclusive documentation in this area. The Wiki describes this. See the "Certificate Compatibility" page. See also my AD integration guide: http://deployingradius.com. That should be pointed to from the Wiki, too. That guide contains *detailed* instructions for what to do. The only time it hasn't worked for people is when they didn't follow its instructions. > I could put the output here of what Freeradius outputs during a connection > attempt but I since I am testing this in our production environment, I don't > want to put that kind of information out in a public forum. Run it in debug mode and read the output. What does it say? What warnings / errors does it produce? Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html