On Sat, Mar 17, 2012 at 11:54 AM, Julie Chen <ch...@ssc.ucla.edu> wrote: > > Yes, I understand that. But I'm having little problem figure out right > configuration. Would someone please advice on the configuration file?
I'd start with reading this: http://wiki.freeradius.org/Protocol%20Compatibility (or the original page in deplyingradius.com). Since you have crypt password, you can only use PAP, EAP-GTC, or TTLS-PAP. > > [pap] WARNING: Auth-Type already set. Not setting to PAP > ++[pap] returns noop > Found Auth-Type = MSCHAP The client chooses what authentication method to use. You need to tell the client NOT to use EAP-PEAP-MSCHAPv2 (which is the default one that windows client would use), and use TTLS-PAP or EAP-GTC instead. The bad news is that none of those two is natively supported by windows <=7. You need to either: - get a third-party supplicant (e.g. windows version of wpa-supplicant, xsupplicant, or securew2). OR - use another method to store your users crededential, either storing the password in plain text or NT-HASH, or use AD. > # Executing group from file /etc/raddb/sites-enabled/inner-tunnel > > I'm using the default inner-tunnel just added ldap at the authorize. That's the correct way to configure the server. No need to change that. -- Fajar - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
