Cian Phillips wrote:
rlm_ldap: performing search in cn=users,dc=cca,dc=edu, with filter (uid=cian) rlm_ldap: checking if remote access for cian is allowed by uidNumber rlm_ldap: looking for check items in directory... rlm_ldap: looking for reply items in directory... rlm_ldap: user cian authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns ok for request 0 modcall: group authorize returns updated for request 0 rad_check_password: Found Auth-Type LDAP auth: type "LDAP" Processing the authenticate section of radiusd.conf modcall: entering group Auth-Type for request 0 rlm_ldap: - authenticate rlm_ldap: Attribute "User-Password" is required for authentication. modcall[authenticate]: module "ldap" returns invalid for request 0 modcall: group Auth-Type returns invalid for request 0
It appears in your users file you are setting Auth-Type to LDAP. It should be EAP or just leave it blank. FreeRADIUS will set it to EAP. What you also need to do is set the client to use PAP authentication in the inner tunnel. http://vuksan.com/linux/dot1x/wpa-client-config.html Vladimir