802.1x, EAP and LDAP

Alan DeKok aland at deployingradius.com
Tue Mar 4 09:40:20 CET 2008


Mike Richardson wrote:
> I posted the configs in the original email - was there anything in there
> which looked completely out of place?

  No idea.  Honestly, I rarely look at configurations.  There's just too
much stuff there.  I look at debug logs.  And if the configuration has
big problems, it's *really* not worth my time to look.  That's why I
keep saying "start with the default config"

>>> How does the config know to use PAP rather than CHAP/MSCHAP? 
>>   Because all of the experience of the developers working for years with
>> RADIUS is distilled into the configuration files.
> 
> Is there any documentation on how this works? I would like to know.

  raddb/radiusd.conf.  In short, the RADIUS Access-Request contains all
of the information the server needs to determine the authentication
method.  The only requirement on the local administrator is to somehow
tell the server a Cleartext-Password.

> I don't mind fighting for a week if it works at the end and I have a better
> understanding. At this point it doesn't work but I do have a better
> understanding. Most software takes more than 10 minutes to understand and
> configure and I wouldn't be confident in my ability to support it campus
> wide if I'd only spend 10 mins on it. I don't believe in asking for help
> without doing as thorough as job as I can in experimenting and learning.

  Sure.  But the default configuration is *really* that simple for basic
things like LDAP, SQL, and 802.1x.  And version 2.0 is even easier.

  Alan DeKok.





More information about the Freeradius-Users mailing list