Flaky AP or borked Config? EAP-PEAP
Nolan King
nking at mnwd.com
Wed Aug 18 18:37:01 CEST 2010
Thanks for your reply, and your time, Alan. Apparently these APs do care, has been tested and is stated in Skypilot documentation. i have moved on.
I jumped the gun with my post to the board out of frustration- restarting winbind on the server, a last minute flail of desperation, magically made the setup work as it should have. This machine runs a squid proxy as well as freeradius, and my suspicion is that there is some winbind contention in play here. Of course, the EAP.conf notes re: samba bugs and the freeradius FAQ dont address this issue as it is outside of the scope of those docs.
As you are fond of saying, "the defaults work".
Nolan
>>> On 8/17/2010 at 11:48 PM, in message <4C6B822F.3010400 at deployingradius.com>,
Alan DeKok <aland at deployingradius.com> wrote:
> Nolan King wrote:
>> Due to some Skypilot APs that do not support EAP-TLS
>
> Huh? Access points don't care about the EAP method.
>
>> (requiring client certs) i am working on getting tunneled peap happening,
> authenticating against AD. After following the excellent READMEs and other
> instructional material at deployingradius and freeradius.org
>> I have a successful configuration that access-accept's with EAP-TLS as well as
> cleartext passwords. My homegrown certs work well with my AP (a cisco 1130AG
> for testing) and EAP-TLS, but i cannot get an access-accept with tunneled peap.
> A bad password will return access-reject, pap logins work, but a good AD login
> gets stuck at an access-challenge.
>
> Read the FAQ, and "eap.conf".
>
> This specific issue is addressed.
>
> Alan DeKok.
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list