One question about Access-Request packet

K. Hoercher wbhoer at gmail.com
Fri Jan 19 10:20:19 CET 2007


Hi!

On 1/18/07, Rafał Kamiński <rafal.kaminski at blstream.com> wrote:
> Hi again,
>
> I set EAP-TLS with cert. - i use that text
> http://www.fredprod.com/affiche_howtos.php

Sorry, URL seems broken.

> i set in radius.conf
>
> authorize {
>         files
> }

Put in at least "eap". Better start with the shipped default file an
change (step by step) to meet your needs. Read the comment there above
the "eap" stanza.

> and in users file
>
> "username-the same what in cert" Auth-Type := EAP
>

Don't set it. As noted with hilarious regularity on this list. (If you
got that from the maybe then working URL you mentioned, forget it.)
Auth-Type gets perfectly well handled by the eap module in authorize.
http://deployingradius.com/documents/configuration/auth_type.html

> And
>
> How i must set authentication and authorize if i will use that in future
> with ldap?

That's to general a question to give an useful answer. Keep in mind
that "authenticating" against ldap by binding the user's dn, will not
work for EAP(-PEAP)

Regards
K. Hoercher




More information about the Freeradius-Users mailing list