Thank you Arran :-) I'll update the Wiki page at some point (next week) with this information :-) Stefan ________________________________________ From: freeradius-users-bounces+stefan.paetow=ja.net@lists.freeradius.org [freeradius-users-bounces+stefan.paetow=ja.net@lists.freeradius.org] on behalf of Arran Cudbard-Bell [a.cudbardb@freeradius.org] Sent: 17 July 2014 18:51 To: FreeRadius users mailing list Subject: Re: rlm_ldap + bind as user authentication On 17 Jul 2014, at 12:48, Stefan Paetow <Stefan.Paetow@ja.net> wrote:
Oh, and I just realised… If I’m using EAP-GTC as the inner type in an EAP conversation, I only need to replace the ‘pap’ in Auth-Type PAP (in the authenticate section) with ‘ldap’ and it binds ok.
But – Is that the recommended way of doing it?
What I didn't realise before was deep in the darkest murkiest depths of the server core, is some logic which auto creates the auth types for modules listed in authenticate. so if you do authorize { if (User-Password) { update control { Auth-Type := ldap } } } authenticate { ldap } Should work fine. If you're doing EAP then this will need to be in the inner tunnel, with EAP listed before the if statement (or at leas that's the most efficient way). -Arran Arran Cudbard-Bell <a.cudbardb@freeradius.org> FreeRADIUS development team FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2 Janet(UK) is a trading name of Jisc Collections and Janet Limited, a not-for-profit company which is registered in England under No. 2881024 and whose Registered Office is at Lumen House, Library Avenue, Harwell Oxford, Didcot, Oxfordshire. OX11 0SG. VAT No. 614944238