How to use different ldap-modules?
Alan DeKok
aland at ox.org
Mon Jun 20 20:00:23 CEST 2005
Florian Prester <Florian.Prester at rrze.uni-erlangen.de> wrote:
> I configured 2 ldap modules, one using a clear-text password for
> PEAP-TLS with MS-CHAPv2 or only CHAP authentication,
> and one retrieving a Crypt-Password for using PAP-Authentication.
Why? Just use the clear-text password to do all of the
authentication. You're making work for yourself without any gain.
> group {
...
You're listing EAP in that group. DON'T.
> But it only takes the first entry, and if I switch the order of ldap-PAP
> and ldap-PEAP, so it should take ldap-PAP, therefore retrieve an
> Crypt-Password from the ldap-PAP-section it wants to use ldap for
> authentication!?!?!?
Yes.
> What do I wrong?
You've made massive changes to the configuration files.
Stop using two LDAP instances. You don't need them. Use the
default configuration, with one LDAP module in the places shown by the
default configuration. It WILL work.
Alan DeKok.
More information about the Freeradius-Users
mailing list