freeradius -peap ad/ldap

[Sam Schultz]

>> DEFAULT     <check_items (ex: Realm == 'your_domain')>
>>             Autz-Type := <your_ldap_instance (ex: ldap)>,
>>             Auth-Type := <module_instance_for_authentication>

>so i did what you recommended, which makes sense to do... i have
>Autz-type := eap, and in debug mode i get this clearly an access-
reject
>follows. 
>
>auth: No authenticate method (Auth-Type) configuration found for 
the
>request: Rejecting the user
>auth: Failed to validate the user.

First off, eap shouldn't be used this way. The top line of eap.conf
clearly states:

"Whatever you do, do NOT set 'Auth-Type := EAP'.  The server is 
smart
enough to figure this out on its own"

Typical modules that would be used here are things like 'files', 
'ldap',
or 'sql'. There are also special types like 'Local' & 'System', 
which
you'd have to use one of if you were using an sql table to store 
user
credentials.

The second thing you have to understand is the difference between 
modules & instances. An instance is a specific configuration of a
module. The instance itself has a name that is user-specified.
I suggest you read through the configurable_failover document, which
is usually in /usr/share/doc/freeradius-<version>, it isn't long and
offers pretty good insight into how freeradius' configuration gets
processed.

Also, if you need to use a seperate back-end for authentication, 
maybe you should tell us what you need to use so we can give you 
more specific
answers.

--
Click for free info on online degrees and make $150K/ year
http://tagline.hushmail.com/fc/CAaCXv1WBTC2SZD08y4Fk4U6rprEfbhG/