EAP-TTLS with PAP inner tunnel for Cisco 1100 series AP

James Smallacombe up at 3.am
Wed Oct 27 17:29:02 CEST 2010


On Wed, 27 Oct 2010, Alan DeKok wrote:

> James Smallacombe wrote:
>> However, I need to get this working with a newer, more complex setup
>> that's using Pam, Ldap, ippools, groups, etc.  I just installed 2.1.10
>> with OpenSSL support (had to run ldconfig afterwards, though).  It's
>> able to authenticate Pam and LDAP for apache and PPTP users fine.
>> However, I need to be able to auth users from a Cisco 1142N Controller
>> based LW AP. The test user (Macbook) is configured to do 802.1X TTLS
>> auth only with PAP as the inner tunnel.  Worked ok with the old server,
>> as mentioned. However, on the new one, this is the debugging info I get
>> (I'll try to keep it to what's relevant):
>
>  As always, start off with the default config. and make small changes.
> TTLS works, LDAP works, TTLS + LDAP works, etc.  So there shouldn't be
> any problem with the technology.  It's just how exactly will it be
> configured...

I never doubted the technology, only myself. :-/ As it turns out, I was, as
usual, way overthinking the problem.  After wasting several hours playing
with certificates, eap.cnf, etc., it turns out the real problem was just
that I needed to uncomment "pam" in sites-available/inner-tunnel.

James Smallacombe		      PlantageNet, Inc. CEO and Janitor
up at 3.am							    http://3.am
=========================================================================


