On Aug 29, 2016, at 5:06 AM, Ana Gallardo Gómez <anaougu@gmail.com> wrote:
I don't know if I can use PEAP with LDAP as authentication source...
Yes, you can. But you have to use LDAP as a *database*. You cannot do an LDAP bind.
The problem I found is that inner-tunnel server doesn't receive User-Password attributte, so the bind in authentication is not successful:
So don't do LDAP bind.
(9) Auth-Type LDAP { (9) redundant redundant_ldap_auten_email { (9) ldap1_auten_email: WARNING: You have set "Auth-Type := LDAP" somewhere (9) ldap1_auten_email: WARNING: ********************************************* (9) ldap1_auten_email: WARNING: * THAT CONFIGURATION IS WRONG. DELETE IT. (9) ldap1_auten_email: WARNING: * YOU ARE PREVENTING THE SERVER FROM WORKING (9) ldap1_auten_email: WARNING: *********************************************
So... what is unclear about that message? Go fix your configuration so it doesn't force Auth-Type = LDAP. And post the FULL debug output.
It is posible use PEAP with LDAP as authentication source? with TTLS-PAP or TTLS-MsCHAPv2 it works.
If it works for TTLS-MSCHAPv2, then it should work for PEAP. Alan DeKok.