More documentation on Auth-Type
Rohaizam Abu Bakar
haizam at myjaring.net
Mon Aug 7 11:15:52 CEST 2006
Alan,
Referring to the config below, each service has its own LDAP tree,
specified under the ldap module with a different Auth-Type & Autz-Type specified
in radiusd.conf. How can I set in the users file which tree to search?
Normally I detect NAS-Identifier, NAS-Port-Type as check items. If I specify
Auth-Type & Autz-Type in the users file, it seems to work, but when it comes to
EAP.. it's not working....
####################################################
i) users
=====
DEFAULT ???? (not to set Auth-Type but need to direct to certain LDAP tree)
ii) radiusd.conf
==========
ldap adsl {
    basedn=ou=ADSL, ou=People...
}
ldap wifi {
    basedn=ou=wifi, ou=People...
}
Then .. in authenticate and authorize section :-
authorize {
    eap
    Autz-Type=ADSL {
        adsl
    }
    Autz-Type=WIFI {
        wifi
    }
}
authenticate {
    Auth-Type=ADSL {
        adsl
    }
    Auth-Type=WIFI {
        wifi
    }
    eap
}
iii) eap.conf
... some config...
##########################################
----- Original Message -----
From: "Alan DeKok" <aland at deployingradius.com>
To: "FreeRadius users mailing list" <freeradius-users at lists.freeradius.org>
Sent: Monday, August 07, 2006 9:08 AM
Subject: Re: More documentation on Auth-Type
> "Rohaizam Abu Bakar" <haizam at myjaring.net> wrote:
>> I've read the docs about auth-type configuration. And agree that without
>> setting auth-type and leave FR to auto detect it, the auth will work even
>> up to EAP. But sometimes we have to specify auth-type in order to search for
>> different tree in LDAP
>
> ... which isn't authentication. You just described searching an
> LDAP tree for information. That's using LDAP for what it was designed
> to do best: database lookups.
>
> Once the information is found in LDAP, the RADIUS server can do
> CHAP, MS-CHAP, etc. for authentication. LDAP servers don't handle
> those authentication protocols, so you're stuck with using LDAP for DB
> lookups, and RADIUS for authentication.
>
>> normally EAP sequence works OK but when up to comparing password, it will
>> fail. I've reported my problem a few times in mailing list.
>
> I don't recall seeing that, sorry. What was the problem?
>
> Alan DeKok.
> --
> http://deployingradius.com - The web site of the book
> http://deployingradius.com/blog/ - The blog
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
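
An added illustration (not part of the thread and not FreeRADIUS code) of the split Alan describes: the directory is only searched for the user's stored password, and the CHAP check itself is computed on the RADIUS side. The in-memory `DIRECTORY`, the tree names, users and passwords are constructed stand-ins for the two LDAP subtrees.

```python
import hashlib
import hmac

# Constructed stand-in for two LDAP subtrees; a real server would run an LDAP
# search under the matching base DN and read the stored password attribute.
DIRECTORY = {
    "adsl": {"alice": b"adsl-secret"},
    "wifi": {"bob": b"wifi-secret"},
}


def lookup_password(tree, user):
    """Authorization step: a database lookup only, nothing is verified here."""
    return DIRECTORY.get(tree, {}).get(user)


def chap_response(chap_id, password, challenge):
    """RFC 1994 CHAP: MD5 over the identifier octet, the secret, the challenge."""
    return hashlib.md5(bytes([chap_id]) + password + challenge).digest()


def authenticate_chap(tree, user, chap_password, challenge):
    """Authentication step: CHAP check done by the RADIUS side.

    chap_password is the RADIUS CHAP-Password value (RFC 2865): one
    identifier octet followed by the 16-octet response.
    """
    if len(chap_password) != 17:
        return False
    stored = lookup_password(tree, user)
    if stored is None:
        return False  # user does not exist in the selected tree
    expected = chap_response(chap_password[0], stored, challenge)
    return hmac.compare_digest(expected, chap_password[1:])
```

The check needs the cleartext password returned by the lookup, which is why the directory can only supply data here and cannot perform the CHAP comparison itself.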