Hi, Am 30.11.2017 um 17:33 schrieb Andrew Meyer via Freeradius-Users:
So yesterday after complicating my configuration I decided to completely start over. I rebuilt the server and got everything work up to the EAP-TLS.
Do you really mean EAP-TLS? EAP-TLS means using client certificates to authenticate the users and not any inner tunnel. In contrast on EAP-TTLS your are establishing a TLS secured connection and then authenticate the user in an inner tunnel (using PAP, LDAP, ...).
https://wiki.alpinelinux.org/wiki/FreeRadius_EAP-TLS_configuration
This doesn't use LDAP auth. LDAP auth would be in the "inner tunnel". EAP-TLS doesn't need/have an inner tunnel.
Auth-Type LDAP { rlm_ldap (ldap): Reserved connection (6) (2) ldap: Login attempt by "andrew.meyer" (2) ldap: Using user DN from request "uid=andrew.meyer,cn=users,cn=accounts,dc=meyer,dc=local" (2) ldap: Waiting for bind result... (2) ldap: Bind successful (2) ldap: Bind as user "uid=andrew.meyer,cn=users,cn=accounts,dc=meyer,dc=local" was successful rlm_ldap (ldap): Released connection (6) (2) [ldap] = ok (2) } # Auth-Type LDAP = ok (2) # Executing section post-auth from file /etc/raddb/sites-enabled/default (2) post-auth { (2) update { (2) No attributes updated (2) } # update = noop (2) [exec] = noop (2) policy remove_reply_message_if_eap { (2) if (&reply:EAP-Message && &reply:Reply-Message) { (2) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE (2) else { (2) [noop] = noop (2) } # else = noop (2) } # policy remove_reply_message_if_eap = noop (2) } # post-auth = noop (2) Sent Access-Accept Id 16 from 10.150.10.45:1812 to
This looks like LDAP auth is working fine, an Access-Accept is sent. What does this have to do with EAP-TLS? And since Access-Accept is sent: What is the problem here? Kind regards, Enno