802.1x ->Radius ->Ldap

Alan DeKok aland at deployingradius.com
Thu Jun 17 18:21:56 CEST 2010


Kyle Plimack wrote:
> I’ve read a lot of threads and looked at the protocol / encryption
> compatibility chart, but I’ve never seen someone say, “this is the
> solution”.

1) get PAP working against LDAP
2) follow the EAP guide (deployingradius.com) to get EAP working
3) configure ldap in the "inner-tunnel" virtual server
4) LDAP + EAP will work.

>  An alternative I’m considering (I don’t know if its
> possible), is having radius pass the authentication request to PAM.
>   Pam, on my radius server, is already connected to ldap, and should be
> able to provide the same authentication.  Is is possible, and if so how
> should I do it?

  Don't.

> Attached is the output from radiusd –X, can you help me determine why
> authentication is failing, but authorization is passing?

  You missed step (3).

>  Can I
> automatically authenticate once authorized?  Why are they two different
> processes?

  Because some people need them to be different processes.

  Alan DeKok.



More information about the Freeradius-Users mailing list