Thanks alot everyone

Jacob Jarick mem.namefix at
Mon Apr 30 08:30:29 CEST 2007

Thanks very much everyone, specially Phil, Alan and the rest who
helped me but I cant recall just now. I Have fiiinally got it going
(properly this time to).

Here is a quick outline of my setup, I may write a detailed howto later on.

Windows XP home client -> cisco wap -> freeradius on Fedora -> Windows 2003 ADS

I used EAP-TTLS as the encryption / tunneling.
Used certs (needed for TTLS) that came with rpm.
Used PAP inside of EAP-TTLS (sends plain text password which ldap expects)

* Add 1 user with password for ldap searching (cant remember if user
needs special permision to search LDAP).
* Fortunately not much config is needed on the server, enabling
anonymous LDAP searching is very handy when figuring out a new domain
and its users.

I reccomend using SecureW2 on XP clients as it allows you to use PAP
inside of EAP.
Configure clients with these options:

My windows client details:
Network Authentication: Open
Data Encryption: WEP
the key is provided for me automatically: (ticked)
EAP type: SecureW2
Authenticate as a computer: (unticked)
Authenticate as a guest: (unticked)

Securew2 config details:
use alternate outer identity: (unticked)
verify server cert: (unticked)
Select Authentication Method: PAP
Prompt user for credentials: (ticked)

More information about the Freeradius-Users mailing list