Thanks very much everyone, especially Phil, Alan and the rest who helped me but I can't recall just now. I have finally got it going (properly this time too).
Here is a quick outline of my setup; I may write a detailed howto later on.

Windows XP Home client -> Cisco WAP -> FreeRADIUS on Fedora -> Windows 2003 ADS

FREERADIUS:
I used EAP-TTLS as the encryption / tunneling.
Used certs (needed for TTLS) that came with the rpm.
Used PAP inside of EAP-TTLS (sends plain text password, which LDAP expects).

WINDOWS SERVER:
* Add 1 user with password for LDAP searching (can't remember if the user needs special permission to search LDAP).
* Fortunately not much config is needed on the server; enabling anonymous LDAP searching is very handy when figuring out a new domain and its users.

WINDOWS XP CLIENTS:
I recommend using SecureW2 on XP clients as it allows you to use PAP inside of EAP.
Configure clients with these options:

My Windows client details:
Network Authentication: Open
Data Encryption: WEP
The key is provided for me automatically: (ticked)
EAP type: SecureW2
Authenticate as a computer: (unticked)
Authenticate as a guest: (unticked)

SecureW2 config details:
Use alternate outer identity: (unticked)
Verify server cert: (unticked)
Select Authentication Method: PAP
Prompt user for credentials: (ticked)

http://www.securew2.com/
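
The server side of the chain outlined above, as an added configuration sketch that is not from the original post. It assumes FreeRADIUS 2.x-style syntax and a domain controller that accepts StartTLS; the host name, DNs, password and file paths are placeholders, and only the settings relevant to EAP-TTLS/PAP with an LDAP bind are shown.

```conf
# Added example, not the poster's files. FreeRADIUS 2.x-style syntax assumed.

# eap.conf: outer method is EAP-TTLS. The TLS tunnel is the only thing
# protecting the inner PAP password between the client and this server.
eap {
    default_eap_type = ttls
    tls {
        certdir = ${confdir}/certs
        cadir = ${confdir}/certs
        # The post used the certificates shipped with the rpm; placeholder names.
        private_key_file = ${certdir}/server.pem
        certificate_file = ${certdir}/server.pem
        CA_file = ${cadir}/ca.pem
    }
    ttls {
        # Tunnelled (inner) requests are handled by their own virtual server.
        virtual_server = "inner-tunnel"
    }
}

# modules/ldap: search AD with the dedicated lookup account, then bind as the user.
ldap {
    server = "dc1.example.com"                                 # placeholder
    identity = "cn=radius-lookup,cn=Users,dc=example,dc=com"   # placeholder
    password = "CHANGE_ME"                                     # placeholder
    basedn = "dc=example,dc=com"                               # placeholder
    filter = "(sAMAccountName=%{%{Stripped-User-Name}:-%{User-Name}})"
    set_auth_type = yes
    tls {
        # The bind carries the plain-text password, so encrypt the leg to AD.
        start_tls = yes
        cacertfile = /etc/raddb/certs/ad-ca.pem                # placeholder
        require_cert = "demand"
    }
}

# sites-available/inner-tunnel: the inner PAP request is checked by an LDAP bind.
server inner-tunnel {
    authorize {
        ldap
    }
    authenticate {
        Auth-Type LDAP {
            ldap
        }
    }
}
```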