Cisco WLC PEAP/MSCHAPv2 - unnecessary ldap lookups?

Ivan Kalik tnt at kalik.net
Thu Sep 17 23:47:21 CEST 2009


> I will need to do some more research on inner-tunnels, as i'm not too
> familiar with them.

Well it's right beside default server in sites-enabled.

> How would I add the ldap components?

You should comment it in there and comment it out in default virtual server.

>  as part of the
> peap module itself?

No.

> All the documentation i've found on LDAP requires the ldap modules to be
> referenced in both the authorize and authentication sections directly.

You do need it in authorize but not authenticate (you can't do ldap "bind
as user" authentication for peap). Just pass the password from ldap to
radius for authentication.

You didn't copy 1.x configuration files to 2.x server by any chance?

Ivan Kalik
Kalik Informatika ISP
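
The placement described in this reply, as an added configuration example that is not part of the original message or the poster's own files. It assumes the FreeRADIUS 2.x raddb layout; the module lists other than `ldap`, `eap` and `mschap`, and the LDAP attribute name `sambaNTPassword`, are assumptions and depend on the local setup and directory schema.

```conf
# Added illustration, FreeRADIUS 2.x layout assumed.

# --- raddb/sites-enabled/default (outer EAP session) ---
authorize {
	preprocess
	suffix
	eap {
		ok = return	# stop here while the PEAP tunnel is being set up
	}
#	ldap			# commented out: for PEAP the user is looked up
#				# inside the tunnel, not in the outer session
}

authenticate {
	eap
}

# --- raddb/sites-enabled/inner-tunnel (requests inside the PEAP tunnel) ---
server inner-tunnel {
	authorize {
		mschap
		suffix
		eap {
			ok = return
		}
		ldap		# lookup only: retrieves the stored password
				# and adds it to the request as a check item
	}

	authenticate {
		Auth-Type MS-CHAP {
			mschap	# verifies MS-CHAPv2 against the retrieved hash
		}
		eap
		# No "Auth-Type LDAP { ldap }" here: bind-as-user
		# authentication cannot be used for PEAP.
	}
}

# --- raddb/ldap.attrmap ---
# Maps the directory's password attribute to a RADIUS check item.
# "sambaNTPassword" is an assumed attribute name (Samba schema).
checkItem	NT-Password	sambaNTPassword
```

Running the server with `radiusd -X` shows, per request, which virtual server handled it and whether the `ldap` module was called, which confirms that the lookup now happens only for inner-tunnel requests.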



