freeradius -peap ad/ldap
joe vieira
jvieira at clarku.edu
Thu Mar 15 20:08:09 CET 2007
Sam Schultz wrote:
>>> DEFAULT <check_items (ex: Realm == 'your_domain')>
>>> Autz-Type := <your_ldap_instance (ex: ldap)>,
>>> Auth-Type := <module_instance_for_authentication>
>>>
>> so i did what you recommended, which makes sense to do... i have
>> Autz-type := eap, and in debug mode i get this clearly an access-reject
>> follows.
>>
>> auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
>> auth: Failed to validate the user.
>
> First off, eap shouldn't be used this way. The top line of eap.conf
> clearly states:
>
> "Whatever you do, do NOT set 'Auth-Type := EAP'. The server is smart
> enough to figure this out on its own"
>
> Typical modules that would be used here are things like 'files', 'ldap',
> or 'sql'. There are also special types like 'Local' & 'System', which
> you'd have to use one of if you were using an sql table to store user
> credentials.
>
> The second thing you have to understand is the difference between
> modules & instances. An instance is a specific configuration of a
> module. The instance itself has a name that is user-specified.
> I suggest you read through the configurable_failover document, which
> is usually in /usr/share/doc/freeradius-<version>, it isn't long and
> offers pretty good insight into how freeradius' configuration gets
> processed.
>
> Also, if you need to use a separate back-end for authentication,
> maybe you should tell us what you need to use so we can give you
> more specific answers.
>
reference the initial thread where i said i was authenticating off of
active directories, using eap-peap. which i had previously working just
fine.
Since i didn't specify an instance name in my eap.conf, it is referenced
as 'eap' (which i did read, but was following your advice).
Joe