Re: TTLS-PAP authentication with LDAP bind

Richard Hesse wrote:

> If I force the Mac or Windows supplicants to use TTLS-PAP, the request is never
> passed to radiusd.

The NAS is broken.

> I don't know what's going on but my AP (Aruba 200) seems to be detecting that
> something isn't right with its AAA server

Disable the Aruba AAA server. If you're using FreeRADIUS, you DO NOT
need the Aruba AAA server.

> and not passing the request on. If I change the supplicants to use their default
> settings, the requests are sent to FreeRadius, but the requests fail.
Again,
> the Aruba seems to think that something is wrong and presents its
> certificate instead of my server's.

Disable the Aruba AAA server.

> Yes, I've run the server in debug mode (there are no requests coming in).

Then the NAS is broken.

It's not rocket science: If FreeRADIUS isn't getting any requests,
then there is NOTHING YOU CAN DO to FreeRADIUS to fix the problem.

The NAS is broken. Disable its AAA server. I can't emphasize that
enough.

Alan DeKok.
--
http://deployingradius.com - The web site of the book
http://deployingradius.com/blog/ - The blog
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html