eap-ttls with ldap
Fajar A. Nugraha
list at fajar.net
Wed Nov 16 07:16:29 CET 2011
On Wed, Nov 16, 2011 at 12:57 PM, Angelica Delgado
<angelicadel230 at gmail.com> wrote:
> We configured ldap module to connect to our Active Directory as a ldap
> server. This is currently working. Do we need to change this configuration
> in order to start using eap-ttls?
err ... no, but unless you use ntlm_auth you would've needed to do
ldap bind, which means you can't use MSCHAP. If you can tolerate that
then it should be no problem.
> We read on the ldap module that it does
> not support eap. Is this true?
>
Where did you read that?
I used eap-peap-gtc with a lotus domino ldap server, and it works just
fine. I can NOT use it for eap-peap-mschapv2 though (due to the ldap
bind requirement).
You CAN use eap-peap-MSCHAPv2 with AD, but only if you also use
ntlm_auth (see the links I sent earlier).
--
Fajar
More information about the Freeradius-Users
mailing list