Re: Authorize/authenticate with LDAP
Thierry CHICH wrote:
> I have an access-point, and I want use EAP/TTLS in order to authenticate
> people on my LDAP server. The first time, I had then something like that:
...
> in my intel proset, if I am giving a false identity in my roaming profile with
> a good identity and a good password, it is working. The authorization step
> doesn't work as I want. The most important problem is that the accounting is
> using my roaming profile.
Yes. The outer identity is often "anonymous", and does not matter for
authentication.
If you set the User-Name in the Access-Accept, the NAS *should* use
that name for accounting, and not the name from the outer identity.
Alan DeKok.
This archive was generated by a fusion of
Pipermail (Mailman edition) and
MHonArc.