LDAP-FreeRadius-Cisco Switch-802.1x Fails.

Fajar A. Nugraha list at fajar.net
Fri Apr 20 09:15:59 CEST 2012


On Fri, Apr 20, 2012 at 2:09 PM, Wassim Zaarour
<wassim.zaarour at navlink.com> wrote:
> Hi Alan,
>
> I went through the archives and did some changes but still getting the
> error, appreciate if you can help me a bit here.
>
> I think I read that the ldap request must be proxied to the inner tunnel for
> it to work, is that true? How can we do that?

Short version: you won't be able to get PEAP-MSCHAPv2 (i.e. what
Windows uses) to work with your LDAP. Period.

Long version:
MSCHAPv2 (which also means PEAP-MSCHAPv2) needs either:
- Cleartext-Password or NT-Hash available (in LDAP, SQL, users file,
whatever), OR
- an Active Directory

If you don't have either, then it won't work.

-- 
Fajar

