Mike Richardson wrote:
The suggestions made so far have been to uncomment this authenticate entry. Once working should I be looking at commenting it out again and getting EAP to work without the above bind?
No. If you're using TTLS + PAP, it's fine. For PEAP, it's impossible...
Ah, after another google search I've found another Novell article on freeradius:
https://secure-support.novell.com/KanisaPlatform/Publishing/558/3009668_f.SA...
which suggests using 'tls_mode=yes' and the port as 636. I've tried it and it works - I can authenticate! However this option doesn't appear in the radiusd.conf - is it deprecated or just not documented?
It seems that Novell has updated their documentation without telling us. Nice. See why I say it's not the fault of FreeRADIUS?
Seems that eDirectory needs an encrypted session before it'll present the password in clear text. Makes sense.
I've also tried it with 'start_tls=yes' and port as 389, this also seems to work. Which is the prefered method? Novell suggest the former but as it isn't documented...
If it works, ship it. Alan DeKok