John Maher wrote:
Thanks for this information. Being very new to radius, and a bit sloppy with my wording, I was not clear about what I was looking for. It's true that the function of the different config files not that complicated. What is not clear to me, when looking at the output of freeradius -X that is generated from a user's connection attempt, is the sequencing and reasoning behind the output.
Well.. it does a lot. Remember, this isn't... DNS: what is the IP for name X? DHCP: please allocate an IP for MAC Y, I'm on switch X port Y RADIUS is *enormously* more complicated. As a result, the configuration files are more complicated, and the debug output is more complicated.
For example, the output I posted included this: ... I don't understand several things from this, but one example is why does it state:
WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly?
and the next line states:
[ldap] user jmaher authorized to use remote access
?
authorization != authentication If there isn't a password... the user can't be authenticated. The debug log shows this.
Anyway, a good resource for understanding how radius and its modules do their jobs would be good to know about.
doc/rlm_ldap explains how the LDAP module is used, and how the "access" is checked. Again... this *is* documented. The filenames shouldn't be hard to figure out: doc/rlm_ldap should be pretty easy to find. doc/aaa.txt explains how the authentication process works. While the documentation isn't perfect, I'm not sure what you want. The questions you're asking are answered in the existing documentation, which is reasonably well organized. (try: ls doc/*ldap* ...) Alan DeKok.