802.1x, EAP and LDAP
Alan DeKok
aland at deployingradius.com
Tue Mar 4 14:24:56 CET 2008
Mike Richardson wrote:
> The suggestions made so far have been to uncomment this authenticate entry.
> Once working should I be looking at commenting it out again and getting EAP
> to work without the above bind?
No. If you're using TTLS + PAP, it's fine. For PEAP, it's impossible...
> Ah, after another Google search I've found another Novell article on
> freeradius:
>
> https://secure-support.novell.com/KanisaPlatform/Publishing/558/3009668_f.SAL_Public.html
>
> which suggests using 'tls_mode=yes' and the port as 636. I've tried it and
> it works - I can authenticate! However this option doesn't appear in the
> radiusd.conf - is it deprecated or just not documented?
It seems that Novell has updated their documentation without telling
us. Nice. See why I say it's not the fault of FreeRADIUS?
> Seems that eDirectory needs an encrypted session before it'll present the
> password in clear text. Makes sense.
>
> I've also tried it with 'start_tls=yes' and port as 389, this also seems to
> work. Which is the preferred method? Novell suggest the former but as it
> isn't documented...
If it works, ship it.
Alan DeKok