Re: TTLS-PAP authentication with LDAP bind



Richard Hesse wrote:

> If I force the Mac or Windows supplicants to use TTLS-PAP, the request is never
> passed to radiusd.

  The NAS is broken.

> I don't know what's going on but my AP (Aruba 200) seems to be detecting that
> something isn't right with its AAA server

  Disable the Aruba AAA server.  If you're using FreeRADIUS, you DO NOT
need the Aruba AAA server.

> and not passing the request on. If I change the supplicants to use their default
> settings, the requests are sent to FreeRadius, but the requests fail. Again,
> the Aruba seems to think that something is wrong and presents its
> certificate instead of my server's.

  Disable the Aruba AAA server.

> Yes, I've run the server in debug mode (there are no requests coming in).

  Then the NAS is broken.

  It's not rocket science:  If FreeRADIUS isn't getting any requests,
then there is NOTHING YOU CAN DO to FreeRADIUS to fix the problem.

  The NAS is broken.  Disable its AAA server.  I can't emphasize that
enough.

  Alan DeKok.
--
  http://deployingradius.com       - The web site of the book
  http://deployingradius.com/blog/ - The blog



