On Sat, Mar 17, 2012 at 11:54 AM, Julie Chen <chenj@ssc.ucla.edu> wrote:
Yes, I understand that. But I'm having little problem figure out right configuration. Would someone please advice on the configuration file?
I'd start with reading this: http://wiki.freeradius.org/Protocol%20Compatibility (or the original page in deplyingradius.com). Since you have crypt password, you can only use PAP, EAP-GTC, or TTLS-PAP.
[pap] WARNING: Auth-Type already set. Not setting to PAP ++[pap] returns noop Found Auth-Type = MSCHAP
The client chooses what authentication method to use. You need to tell the client NOT to use EAP-PEAP-MSCHAPv2 (which is the default one that windows client would use), and use TTLS-PAP or EAP-GTC instead. The bad news is that none of those two is natively supported by windows <=7. You need to either: - get a third-party supplicant (e.g. windows version of wpa-supplicant, xsupplicant, or securew2). OR - use another method to store your users crededential, either storing the password in plain text or NT-HASH, or use AD.
# Executing group from file /etc/raddb/sites-enabled/inner-tunnel
I'm using the default inner-tunnel just added ldap at the authorize.
That's the correct way to configure the server. No need to change that. -- Fajar