Thanks for your reply, and your time, Alan. Apparently these APs do care, has been tested and is stated in Skypilot documentation. i have moved on. I jumped the gun with my post to the board out of frustration- restarting winbind on the server, a last minute flail of desperation, magically made the setup work as it should have. This machine runs a squid proxy as well as freeradius, and my suspicion is that there is some winbind contention in play here. Of course, the EAP.conf notes re: samba bugs and the freeradius FAQ dont address this issue as it is outside of the scope of those docs. As you are fond of saying, "the defaults work". Nolan
On 8/17/2010 at 11:48 PM, in message <4C6B822F.3010400@deployingradius.com>, Alan DeKok <aland@deployingradius.com> wrote: Nolan King wrote: Due to some Skypilot APs that do not support EAP-TLS
Huh? Access points don't care about the EAP method.
(requiring client certs) i am working on getting tunneled peap happening, authenticating against AD. After following the excellent READMEs and other instructional material at deployingradius and freeradius.org I have a successful configuration that access-accept's with EAP-TLS as well as cleartext passwords. My homegrown certs work well with my AP (a cisco 1130AG for testing) and EAP-TLS, but i cannot get an access-accept with tunneled peap. A bad password will return access-reject, pap logins work, but a good AD login gets stuck at an access-challenge.
Read the FAQ, and "eap.conf".
This specific issue is addressed.
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html