EAP-TTLS with PAP inner tunnel for Cisco 1100 series AP
James Smallacombe
up at 3.am
Wed Oct 27 17:29:02 CEST 2010
On Wed, 27 Oct 2010, Alan DeKok wrote:
> James Smallacombe wrote:
>> However, I need to get this working with a newer, more complex setup
>> that's using Pam, Ldap, ippools, groups, etc. I just installed 2.1.10
>> with OpenSSL support (had to run ldconfig afterwards, though). It's
>> able to authenticate Pam and LDAP for apache and PPTP users fine.
>> However, I need to be able to auth users from a Cisco 1142N Controller
>> based LW AP. The test user (Macbook) is configured to do 802.1X TTLS
>> auth only with PAP as the inner tunnel. Worked ok with the old server,
>> as mentioned. However, on the new one, this is the debugging info I get
>> (I'll try to keep it to what's relevant):
>
> As always, start off with the default config. and make small changes.
> TTLS works, LDAP works, TTLS + LDAP works, etc. So there shouldn't be
> any problem with the technology. It's just how exactly will it be
> configured...
I never doubted the technology, only myself. :-/ As it turns out, I was,
as usual, way overthinking the problem. After wasting several hours playing
with certificates, eap.cnf, etc., it turns out the real problem was just
that I needed to uncomment "pam" in sites-available/inner-tunnel.
James Smallacombe PlantageNet, Inc. CEO and Janitor
up at 3.am http://3.am