On Wed, Nov 24, 2010 at 3:51 PM, Alexander Clouter <alex@digriz.org.uk> wrote:
Robert Masters <RMasters@bunnings.com.au> wrote:
We've been working on using Freeradius on RHEL5.4 to link a Motorola RFS6000 with Oracle OID.
What I use, other than just a version of FreeRADIUS from this decade, is something like the following: ---- eap { ...
# do *not* pass to a inner virtual server for GTC (unless you # want to do secondary authentications, two-factor?)
If Robert is using Oracle OID like we've been using Lotus Domino's LDAP, then you'd want to pass it to inner tunnel.
This is wrong and unnecessary, you should never sent the Auth-Type (except to Reject or Accept); especially to 'LDAP'.
You need to, on some special cases (at least on the freeradius version I'm using, 2.1.6). The "special case" here is when you're authenticating against LDAP database, but the schema doesn't store cleartext-password or some form of password crypt compatible with freeradius, leaving you only with LDAP bind for authentication. See http://www.mail-archive.com/freeradius-users@lists.freeradius.org/msg65103.h... for relevant part in my config. -- Fajar