Kyle Plimack wrote:
I’ve read a lot of threads and looked at the protocol / encryption compatibility chart, but I’ve never seen someone say, “this is the solution”.
1) get PAP working against LDAP 2) follow the EAP guide (deployingradius.com) to get EAP working 3) configure ldap in the "inner-tunnel" virtual server 4) LDAP + EAP will work.
An alternative I’m considering (I don’t know if its possible), is having radius pass the authentication request to PAM. Pam, on my radius server, is already connected to ldap, and should be able to provide the same authentication. Is is possible, and if so how should I do it?
Don't.
Attached is the output from radiusd –X, can you help me determine why authentication is failing, but authorization is passing?
You missed step (3).
Can I automatically authenticate once authorized? Why are they two different processes?
Because some people need them to be different processes. Alan DeKok.