Dean, Barry wrote:
I am working on a new radius config and have been trying to avoid the lookup in LDAP I have been seeing for the outer identity.
I have moved to 2.1.8 with the inner-tunnel virtual host enabled.
I have an authorise section for the relevant virtual server that has:
*which* virtual server?
The "if(!EAP-Message)" works a treat at preventing an LDAP lookup for the outer identity, but if I want to send a basic User-Name/User-Password type auth request after checking with LDAP and returning "Remote access is permitted", I then see:
No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
And the *rest* of the debug log says.... ?
I presume:
if (!EAP-Message) { ldap }
Fails to set Auth-Type LDAP?
Yes. It *shouldn't*, either. That was a mistake from 1.x. Alan DeKok.