eap-ttls with ldap

Fajar A. Nugraha list at fajar.net
Wed Nov 16 07:16:29 CET 2011

On Wed, Nov 16, 2011 at 12:57 PM, Angelica Delgado
<angelicadel230 at gmail.com> wrote:
> We configured ldap module to connect to our Active Directory as a ldap
> server.  This is currently working.  Do we need to change this configuration
> in order to start using eap-ttls?

err ... no, but unless you use ntlm_auth you would've needed to do
ldap bind, which means you can't use MSCHAP. If you can tolerate that
than it should be no problem.

>  We read on the ldap module that it does
> not supports eap.  If this is true?

Where did you read that?

I used eap-peap-gtc with a lotus domino ldap server, and it works just
fine. I can NOT use it for eap-peap-mschapv2 though (due to the ldap
bind requirement).

You CAN use eap-peap-MSCHAPv2 with AD, but only if you also use
ntlm_auth (see the links I sent earlier).


More information about the Freeradius-Users mailing list