28 Sep
2008
28 Sep
'08
9:26 a.m.
The problem is that PAM is never used. This seems to be an artifact of the fact that rlm_ldap is supposed to fetch a "known good" password, but I don't have passwords in the LDAP database. rlm_ldap is indeed successful in authorizing, but there is no Auth-Type set to handle the authentication.
If I for example force Auth-Type to PAM in the users file (not good, I know), TTLS-negotiation is never run.
Don't set it in users file. Set it using unlang in authorize section of inner-tunnel virtual server. Ivan Kalik Kalik Informatika ISP