Forum

Does anyone have experience implementing 802.1X using EAP-TTLS with LDAP (edirectory) as the backend identity repository? We are currently running a pilot with Funk SBR, Odyssey Client, and Extremenetworks switches. Theoretically this seems to be the most secure solution but it appears to be a complex setup and not going so smoothly. Any tips for this configuration from experienced designers?? Thanks,

Odyssey Server should be running on a Windows server that can talk to eDirectory. That might mean you'd want to have eDirectory (and at least a read replica) running on that Windows server as well. You could have Odyssey proxy it to a Novell box (if that's what's running eDirectory) - just make sure they can talk so that Odyssey can do its lookups. I don't see you needing SBR (unless Odyssey's proxying capabilities have been purposefully limited by Funk). If so, you'd have to bounce from Odyssey to SBR to eDirectory (expensive and lots of failure points, but still better than some of the alternatives). I'd ask Funk's support about being able to go directly from Odyssey to eDirectory. The requirement would be LDAP compliant lookup support.

http://www.funk.com/radius/Solns/novell_ah.asp

thx