hey Phil, hey list, Phil Mayers sagte:
Michael Messner wrote:
Use the "ldap" module to query AD and add attributes to the reply dynamically. For example:
DEFAULT Ldap-Group == "cn=students,dc=domain,dc=com" Filter-Id = "Enterasys:version=1:mgmt=su:policy=userrole"
...or similar.
But as I understood I can't use PEAP or MD5 authentication, am I right? So there is nothing with 802.1x security?!?
You can use LDAP just for the group checking. You don't have to use it for processing the authentication. So if you've already got 802.1x working e.g. using the mschap module and ntlm_auth, you can carry on using that.
Easiest is to re-order the modules like so:
authorize { preprocess
# let the various auth types get detected and set chap mschap eap
# now process the other stuff ldap files }
...and remove the "Auth-Type LDAP" section from "authenticate"
real great, everything works now! :-) thanks a lot for your help ca mIke