Hi Alan, i told myself that i should try and enable the ldap module in the authorize section, nothing wrong in that ;) and now it works... so now in my inner-tunnel file i got: server inner-tunnel { authorize { suffix update control { Proxy-To-Realm := LOCAL } eap { ok = return } ldap expiration logintime pap } authenticate { Auth-Type PAP { pap } Auth-Type LDAP { ldap } } .... } it works like this, but im still not sure if this is the recommended way :D thanks and best regards Caius Pargar --- On Mon, 11/16/09, Alan Buxey <A.L.M.Buxey@lboro.ac.uk> wrote:
From: Alan Buxey <A.L.M.Buxey@lboro.ac.uk> Subject: Re: FR2.1.7 with EAP-TTLS/PAP and LDAP To: "FreeRadius users mailing list" <freeradius-users@lists.freeradius.org> Date: Monday, November 16, 2009, 2:44 PM Hi,
Hi Alan,
i checked my sites-available/inner-tunnel file:
in authorize section everything is commented, except: eap and pap (ldap is commented).
in authneticate section i have Auth-Type PAP { pap }
Auth-Type LDAP { ldap }
the rest is commented
IIRC this is one of those wierd times when you need to have a
DEFAULT Auth-Type := LDAP
att he bottom of your users file. I may be wrong...but i think EAP+LDAP is a funny beast
alan