Work wrote:
I think I've successfullyconfigured freeradius for the pap authentication with openldap since the radtest returns ok.
Read raddb/sites-available/inner-tunnel. It describes how to test the *inner* portion of EAP. You should test that before going to the full EAP tests.
is this ugly? My company does not want to add radiuschema to the users.
It's fine.
These are the configs:
We don't want the configs. They're not helpful.
the debug from radius is:
Helpful.
[ldap] Added User-Password = {MD5}tQzXLan1f4v2iAMD/1t2Ig== in check items
Which seems OK.
Found Auth-Type = LDAP +- entering group LDAP {...} [ldap] Attribute "User-Password" is required for authentication. You seem to have set "Auth-Type := LDAP" somewhere. THAT CONFIGURATION IS WRONG. DELETE IT. YOU ARE PREVENTING THE SERVER FROM WORKING PROPERLY.
What part of that message is unclear?
Thank you :), hope I'm not missing somithing stupid, I've read a lot of documentation here and there.
Reading the debug output helps. Don't force "Auth-Type := ldap". The default configuration does NOT do this. So the only way it happens is if you changed the configuration to do this. Delete that, and it will work.
ps. password on the LDAP are stored in hash form.
Which means you can only use EAP-TTLS / PAP. All other EAP types will *not* work. Alan DeKok.