On 16/05/11 13:32, Alexandros Gougousoudis wrote:
Hi,
I'am trying to make FR 2.1.10 on Squeeze work with my LDAP installation. What I want to do is:
A host-based authentification for my workstations. All the names of the workstations are in LDAP, the authentification itself should be done with EAP-TLS. I would like to have a hint, how to start EAP when the LDAP-Query was successfull. The LDAP-Query works I think, FR says: [ldap] user scit-beerchen authorized to use remote access, but then it tries to make some kind of password authentification (I have no password for workstations in LDAP), and is not starting EAP-TLS. The asking host "scit-beerchen" is in the WLAN-User Group.
What could I do?
The reason it's failing is nothing to do with LDAP. It's because you've added a module "ntlm_auth" to the authorize section.
[ntlm_auth] expand: --username=%{mschap:User-Name} -> --username=scit-beerchen [ntlm_auth] expand: --password=%{User-Password} -> --password= Exec-Program output: NT_STATUS_WRONG_PASSWORD: Wrong Password (0xc000006a) Exec-Program-Wait: plaintext: NT_STATUS_WRONG_PASSWORD: Wrong Password (0xc000006a) Exec-Program: returned: 1 ++[ntlm_auth] returns reject Using Post-Auth-Type Reject
You've broken the default configs by adding in modules you don't need and don't understand. Go back to the default configs. Then *just* configure LDAP, and things will work.