802.1x and LDAP

Vladimir Vuksan vlists at veus.hr
Sun Aug 21 23:38:22 CEST 2005


Cian Phillips wrote:

> rlm_ldap: performing search in cn=users,dc=cca,dc=edu, with filter  
> (uid=cian)
> rlm_ldap: checking if remote access for cian is allowed by uidNumber
> rlm_ldap: looking for check items in directory...
> rlm_ldap: looking for reply items in directory...
> rlm_ldap: user cian authorized to use remote access
> rlm_ldap: ldap_release_conn: Release Id: 0
>   modcall[authorize]: module "ldap" returns ok for request 0
> modcall: group authorize returns updated for request 0
>   rad_check_password:  Found Auth-Type LDAP
> auth: type "LDAP"
>   Processing the authenticate section of radiusd.conf
> modcall: entering group Auth-Type for request 0
> rlm_ldap: - authenticate
> rlm_ldap: Attribute "User-Password" is required for authentication.
>   modcall[authenticate]: module "ldap" returns invalid for request 0
> modcall: group Auth-Type returns invalid for request 0


It appears in your users file you are setting Auth-Type to LDAP. It 
should be EAP or just leave it blank. FreeRADIUS will set it to EAP.

What you also need to do is set the client to use PAP authentication in 
the inner tunnel.

http://vuksan.com/linux/dot1x/wpa-client-config.html

Vladimir
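
A log check for the symptom in the quoted debug output, added here as an example (it is not part of the original post and not FreeRADIUS code): it flags requests where `Auth-Type LDAP` was found and the `ldap` module then returned `invalid` because no `User-Password` was present, which is what an EAP request forced through LDAP authentication looks like. The function name, the constructed EAP sample lines, and the assumption that debug output is written one request at a time are assumptions of this example.

```python
import re

# Patterns taken from the debug lines quoted in the post.
AUTH_TYPE = re.compile(r'rad_check_password:\s+Found Auth-Type (\S+)')
NEEDS_PW = re.compile(r'Attribute "User-Password" is required for authentication')
AUTH_RESULT = re.compile(
    r'modcall\[authenticate\]: module "([^"]+)" returns (\w+) for request (\d+)')

# Constructed sample: request 0 repeats the quoted log, request 1 is a
# made-up EAP request included to show the check stays quiet for it.
SAMPLE_LOG = '''\
> modcall: group authorize returns updated for request 0
>   rad_check_password:  Found Auth-Type LDAP
> auth: type "LDAP"
> rlm_ldap: - authenticate
> rlm_ldap: Attribute "User-Password" is required for authentication.
>   modcall[authenticate]: module "ldap" returns invalid for request 0
> modcall: group Auth-Type returns invalid for request 0
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  modcall[authenticate]: module "eap" returns handled for request 1
'''

def find_forced_ldap_auth(log_text):
    """Return one finding per request that was sent to LDAP authentication
    without a User-Password (hypothetical helper, assumes sequential output)."""
    findings = []
    auth_type, needs_pw = None, False
    for raw in log_text.splitlines():
        line = raw.lstrip('> ').strip()      # accept mail-quoted lines too
        m = AUTH_TYPE.search(line)
        if m:                                # start of the authenticate phase
            auth_type, needs_pw = m.group(1), False
            continue
        if NEEDS_PW.search(line):
            needs_pw = True
            continue
        m = AUTH_RESULT.search(line)
        if m:                                # module verdict closes the request
            module, result, req = m.group(1), m.group(2), int(m.group(3))
            if auth_type == 'LDAP' and needs_pw and result == 'invalid':
                findings.append(
                    {'request': req, 'auth_type': auth_type, 'module': module})
            auth_type, needs_pw = None, False
    return findings

if __name__ == '__main__':
    for f in find_forced_ldap_auth(SAMPLE_LOG):
        print('request %(request)d: Auth-Type %(auth_type)s forced, '
              'module %(module)s had no User-Password' % f)
```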


