Authorize/authenticate with LDAP
Alan DeKok
aland at deployingradius.com
Wed Jan 16 14:19:13 CET 2008
Thierry CHICH wrote:
> I have an access-point, and I want use EAP/TTLS in order to authenticate
> people on my LDAP server. The first time, I had then something like that:
...
> in my intel proset, if I am giving a false identity in my roaming profile with
> a good identity and a good password, it is working. The authorization step
> doesn't work as I want. The most important problem is that the accounting is
> using my roaming profile.
Yes. The outer identity is often "anonymous", and does not matter for
authentication.
If you set the User-Name in the Access-Accept, the NAS *should* use
that name for accounting, and not the name from the outer identity.
Alan DeKok.
More information about the Freeradius-Users
mailing list