802.1x, EAP and LDAP
Alan DeKok
aland at deployingradius.com
Tue Mar 4 09:40:20 CET 2008
Mike Richardson wrote:
> I posted the configs in the original email - was there anything in there
> which looked completely out of place?
No idea. Honestly, I rarely look at configurations. There's just too
much stuff there. I look at debug logs. And if the configuration has
big problems, it's *really* not worth my time to look. That's why I
keep saying "start with the default config"
>>> How does the config know to use PAP rather than CHAP/MSCHAP?
>> Because all of the experience of the developers working for years with
>> RADIUS is distilled into the configuration files.
>
> Is there any documentation on how this works? I would like to know.
raddb/radiusd.conf. In short, the RADIUS Access-Request contains all
of the information the server needs to determine the authentication
method. The only requirement on the local administrator is to somehow
tell the server a Cleartext-Password.
> I don't mind fighting for a week if it works at the end and I have a better
> understanding. At this point it doesn't work but I do have a better
> understanding. Most software takes more than 10 minutes to understand and
> configure and I wouldn't be confident in my ability to support it campus
> wide if I'd only spend 10 mins on it. I don't believe in asking for help
> without doing as thorough as job as I can in experimenting and learning.
Sure. But the default configuration is *really* that simple for basic
things like LDAP, SQL, and 802.1x. And version 2.0 is even easier.
Alan DeKok.
More information about the Freeradius-Users
mailing list