On 1/29/19 1:03 PM, Alan DeKok wrote:
That configuration is intended for a different use-case. While they might work, they're not correct.
My earlier recommendation is the correct approach.
Indeed. I was confused by the fact that the changes in that note make radtest (and EAP-TTLS) work. I've done a bit of testing, and I've come up with the following changes required to make each "method" work. (In addition to the certificate & LDAP configuration that is common across all 3 "methods.") * radtest - force Auth-Type LDAP in the authorize section of sites-available/default - enable LDAP authentication in the authenticate section of sites-available/default * EAP-TTLS - force Auth-Type LDAP in the authorize section of sites-available/inner-tunnel - enable LDAP authentication in the authenticate section of sites-available/inner-tunnel * EAP-GTC - set auth_type = LDAP in the gtc section of mods-available/eap - enable LDAP authentication in the authenticate section of sites-available/inner-tunnel I hope I've got that right. Thanks! -- ======================================================================== Ian Pilcher arequipeno@gmail.com -------- "I grew up before Mark Zuckerberg invented friendship" -------- ========================================================================