Authorize/authenticate with LDAP

Alan DeKok aland at deployingradius.com
Wed Jan 16 14:19:13 CET 2008


Thierry CHICH wrote:
> I have an access-point, and I want use EAP/TTLS in order to authenticate 
> people on my LDAP server. The first time, I had then something like that:
...
> in my intel proset, if I am giving a false identity in my roaming profile with 
> a good identity and a good password, it is working. The authorization step 
> doesn't work as I want. The most important problem is that the accounting is 
> using my roaming profile.

  Yes.  The outer identity is often "anonymous", and does not matter for
authentication.

  If you set the User-Name in the Access-Accept, the NAS *should* use
that name for accounting, and not the name from the outer identity.

  Alan DeKok.



More information about the Freeradius-Users mailing list