EAP/TTLS on LDAP with freeradius 2.0.1
Thierry CHICH
thierry.chich at ac-clermont.fr
Wed Feb 6 15:27:19 CET 2008
Hello,
I know that my problem is so simple that I should be ashamed to ask for help, but
I have to say that I can't find a good way to do what I want to do.
With the previous release of freeradius 1.1.7, I could do the following
things:
- people with a correct outer identity and inner identity (login/password)
could be authorized and authenticated on an LDAP server, using an EAP-TTLS
tunnel, and obtained a WPA key.
- with the same radius server, I could authenticate people with EAP-PEAP and
mschapv2 on a sql database.
It was nice, but I had a small problem: accounting was done using the outer
identity. Since I was using the ldap to do the authorization, people who put
another valid identity weren't correctly accounted.
Then, I decided to use freeradius 2.0.1. And then I don't see how to obtain a
basic configuration that is doing my first point.
I always finished by :
rlm_eap_ttls: Session established. Proceeding to decode tunneled attributes.
auth: No authenticate method (Auth-Type) configuration found for the request:
Rejecting the user
If I put an Auth-Type := LDAP, it seems better at first, but it is
worse:
rad_check_password: Found Auth-Type LDAP
auth: type "LDAP"
+- entering group LDAP
rlm_ldap: - authenticate
rlm_ldap: Attribute "User-Password" is required for authentication.
You seem to have set "Auth-Type := LDAP" somewhere.
THAT CONFIGURATION IS WRONG. DELETE IT.
YOU ARE PREVENTING THE SERVER FROM WORKING PROPERLY.
++[ldap] returns invalid
auth: Failed to validate the user.
At this point, I don't understand what freeradius wants.
I don't know how to say: authorize on what you want, I don't care, and
authenticate on my LDAP server.
Is there a good configuration sample I can find anywhere?
Regards,
--
Thierry CHICH