Ok, duly noted. I've restored the defaults. Migrated settings for certificates, and the LDAP. Now my LDAP isn't working anymore. Where am I looking to edit first so that I can begin testing and not accidentally jump ahead of myself? I added the flat file user, as many recommend, that's working. "radtest flatuser testpass 127.0.0.1 0 testing123" When I run the test using my LDAP credentials I get "ERROR: No Auth-Type found: rejecting the user via Post-Auth-Type = Reject" It's my understanding I'm only missing the reference in sites/default > authentication for the LDAP module? I'm about to change the sites-enabled/default, if you wouldn't mind reviewing the test I've attached to make sure I'm on the right path here before I change anything. Thanks again for the assistance, On Thu, Mar 7, 2019 at 9:38 AM Alan DeKok <aland@deployingradius.com> wrote:
On Mar 7, 2019, at 9:06 AM, Nate . <nate2077developer@gmail.com> wrote:
Good Evening, I have been working on building a new FreeRadius 3.0.16 server on Ubuntu. Our goal was to mimic our current setup, but instead of using the old server which is mashed together with some other applications that no longer function, devote one to this. I have followed the instructions on many sites on how to enable the proper modules and configure LDAP accordingly
That's a problem. 99% of those sites give bad advice.
(Our LDAP is acutally ldap.google.com) and we have successfully ran a radtest authentication against the LDAP settings, and it is Accepted. Great right? Well, then we attempted to enable EAP-TTLS, nothing seemed to work properly, and we found many different ways people were doing this. While researching a solution I've already configured all of our certificates.
It's 2019. The server comes with *tons* of documentation on how to do things. The comments in the configuration files tell you what to do, and what everything means.
So the last part we need to understand is the reason why we are getting "ERROR: No Auth-Type found: rejecting the user via Post-Auth-Type = Reject"
I'm new to this kind of mailing list system, so please bear with me. I'm attaching the output log of our servers startup, and the connection log of my computer attempting over our wireless controller.
You edited the default configuration and broke it. Don't do that.
Throw away everything you did, except maybe the certificates, and the LDAP module configuration. Start over with the default configuration.
Make sure that the authentication works with "radtest". If it does, then read sites-enabled/inner-tunnel. Run radtest against the inner tunnel, following the instructions there.
If radtest works for the inner tunnel, then EAP-TTLS should work.
If radtest doesn't work for the inner tunnel, then post that debug output here.
Alan DeKok.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html