Re: EAP-TTLS - FreeRadius - Ldap - Edirectory -Enterasys - 802.1x
Thank you for your response.

We test EAP-TTLS with Enterasys switches with supplicant Odyssey client and FUNK Steel-Belted Radius server. It works. So the Enterasys switches support EAP-TTLS. But we can't buy Odyssey at this point, so we had to enable EAP-TTLS on Windows XP client with securew2. But securew2 didn't work with FUNK Steel-Belted Radius server (I am not sure). I found that securew2 works with freeradius. That is what we are trying to do.

ldap server on edirectory only supports PAP. That is why we have to use EAP-TTLS - PAP.

Note: I can not do EAP-MD5 authentication also with Freeradius server.

Thanks,
Taylan

>>> [EMAIL PROTECTED] 3/10/2005 2:36:53 AM >>>
TAYLAN KIRAN wrote:

> We are trying to authenticate our XP users with EAP-TTLS. We enabled
> EAP-TTLS support with securew2 product. Our users are on Edirectory
> via ldap. We have Enterasys switches.
> When switches authenticate users they should receive the following
> string to set port policy.
>
>     Filter-Id = "Enterasys:version=1:mgmt=su:Policy=cit"
>
> This string is stored in Filter-Id field on edirectory. When user
> authenticate ldap servers should return value of this field and
> freeradius server should send this string to switch.
>
> What should we do? I search all mail list but I can't find any
> information that is valuable for us.
> At this point I have two questions. How can we return the required
> field from Edirectory by using ldap.
> Second one is about certificate.

From what I know Enterasys supports EAP-MD5 only on their switches. I have it working with OpenLDAP and by adding following radiusFilterId attribute, i.e.

    radiusFilterId: "Enterasys:version=1:policy=Enterprise User"

In ldap.attrmap you need to have something like

    Filter-Id radiusFilterId

I wrote a HOWTO how I did it.

http://vuksan.com/linux/dot1x/802-1x-LDAP.html

Vladimir

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: EAP-TTLS - FreeRadius - Ldap - Edirectory -Enterasys - 802.1x
TAYLAN KIRAN wrote:

> We are trying to authenticate our XP users with EAP-TTLS. We enabled
> EAP-TTLS support with securew2 product. Our users are on Edirectory
> via ldap. We have Enterasys switches.
> When switches authenticate users they should receive the following
> string to set port policy.
>
>     Filter-Id = "Enterasys:version=1:mgmt=su:Policy=cit"
>
> This string is stored in Filter-Id field on edirectory. When user
> authenticate ldap servers should return value of this field and
> freeradius server should send this string to switch.
>
> What should we do? I search all mail list but I can't find any
> information that is valuable for us.
> At this point I have two questions. How can we return the required
> field from Edirectory by using ldap.
> Second one is about certificate.

From what I know Enterasys supports EAP-MD5 only on their switches. I have it working with OpenLDAP and by adding following radiusFilterId attribute, i.e.

    radiusFilterId: "Enterasys:version=1:policy=Enterprise User"

In ldap.attrmap you need to have something like

    Filter-Id radiusFilterId

I wrote a HOWTO how I did it.

http://vuksan.com/linux/dot1x/802-1x-LDAP.html

Vladimir
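Because the directory value is handed to the switch as the Filter-Id reply, it helps to check what is stored there. The following is an added example, not code from this thread or from FreeRADIUS: it parses strings of the form quoted above and flags malformed values and any `mgmt=` field on an account outside an allow-list. The colon-separated key=value layout is inferred from the two strings in the thread, treating `mgmt` as a management-access grant is an assumption, and the user names are constructed.

```python
# Added example: audit Enterasys-style Filter-Id values held in the directory.
PREFIX = "Enterasys"
KNOWN_KEYS = {"version", "mgmt", "policy"}  # keys seen in the thread's strings


def parse_filter_id(value):
    """Split 'Enterasys:key=val:...' into a dict with lower-cased keys."""
    value = value.strip().strip('"')
    head, _, rest = value.partition(":")
    if head != PREFIX or not rest:
        raise ValueError("not an Enterasys Filter-Id: %r" % value)
    fields = {}
    for part in rest.split(":"):
        key, sep, val = part.partition("=")
        key = key.strip().lower()  # the thread shows both 'Policy' and 'policy'
        if not sep or not key or not val:
            raise ValueError("malformed field %r" % part)
        if key in fields:
            raise ValueError("duplicate field %r" % key)
        fields[key] = val
    return fields


def audit(entries, mgmt_allowed=frozenset()):
    """Return (uid, finding) pairs for values that need review."""
    findings = []
    for uid, raw in entries:
        try:
            fields = parse_filter_id(raw)
        except ValueError as exc:
            findings.append((uid, "unparseable: %s" % exc))
            continue
        unknown = sorted(set(fields) - KNOWN_KEYS)
        if unknown:
            findings.append((uid, "unknown keys: " + ", ".join(unknown)))
        if "policy" not in fields:
            findings.append((uid, "no policy name"))
        # Assumption: mgmt= grants switch management access, so allow-list it.
        if "mgmt" in fields and uid not in mgmt_allowed:
            findings.append((uid, "mgmt=%s outside allow-list" % fields["mgmt"]))
    return findings


# Constructed sample: (uid, radiusFilterId) pairs as read from the directory.
SAMPLE = [
    ("alice", "Enterasys:version=1:policy=Enterprise User"),
    ("netadmin", "Enterasys:version=1:mgmt=su:Policy=cit"),
    ("bob", "Enterasys:version=1:mgmt=su:policy=cit"),
    ("carol", "Enterasys:version=1:policy"),
]
```

Calling `audit(SAMPLE, mgmt_allowed={"netadmin"})` reports only `bob` and `carol`.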
EAP-TTLS - FreeRadius - Ldap - Edirectory -Enterasys - 802.1x
Hi,

We are trying to authenticate our XP users with EAP-TTLS. We enabled EAP-TTLS support with securew2 product. Our users are on Edirectory via ldap. We have Enterasys switches.

When switches authenticate users they should receive the following string to set port policy.

    Filter-Id = "Enterasys:version=1:mgmt=su:Policy=cit"

This string is stored in Filter-Id field on edirectory. When user authenticate ldap servers should return value of this field and freeradius server should send this string to switch.

What should we do? I search all mail list but I can't find any information that is valuable for us.

At this point I have two questions. How can we return the required field from Edirectory by using ldap.

Second one is about certificate. I know I should create certificate, but CA.all does not work correctly. I take the following error when I execute CA.all.

    Please enter the following 'extra' attributes
    to be sent with your certificate request
    A challenge password [123456]:
    An optional company name []:
    Using configuration from /usr/share/ssl/openssl.cnf
    Error opening CA private key ./radius/private/cakey.pem
    1589:error:02001002:system library:fopen:No such file or directory:bss_file.c:259:fopen('./radius/private/cakey.pem','r')
    1589:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:261:
    unable to load CA private key
    Error opening input file newcert.pem
    newcert.pem: No such file or directory
    Error opening input file cert-srv.p12
    cert-srv.p12: No such file or directory
    Error opening Certificate cert-srv.pem
    1592:error:02001002:system library:fopen:No such file or directory:bss_file.c:259:fopen('cert-srv.pem','r')
    1592:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:261:
    unable to load certificate

Regards,
Taylan