802.1x, EAP and LDAP
Alan DeKok
aland at deployingradius.com
Mon Mar 3 17:23:44 CET 2008
Mike Richardson wrote:
> I'd read that radtest didn't do EAP so I installed Xsupplicant and was using
> that for tests. That seems to be a more realisic approach. If you think that
> I can fix the problem by not attempting EAP and using radtest then that is
> exactly what I shall do.
Yes. The problem has nothing to do with EAP.
>>> rlm_ldap: Over-riding set_auth_type, as we're not listed in the "authenticate" section.
>> You were told to go fix this. Do it. Now
>
> I DID. I didn't think that posting the new radius config would be of use but
> the section in authenticate is DEFINTIELY there and uncommented. Why this
> message is appearing in the output is a mystery to me.
How much of the default configuration file did you edit? Start with
the *default* configuration, and make small changes from there.
The default configuration *works*.
If you've been trying to get this working for a long time, then either
there's a major bug in the version you're using, *or*, you're not
editing && testing the configuration in a systematic way.
> I'm reading everything and following all the instructions to the letter.
> Please don't take that sort of attitude. I've explained that I'm not so I'd
> appreciate it if you'd do the same.
My amazement is that it appears to be so hard to get this working.
Honestly, the default configuration works in the widest possible set of
circumstances. I can't tell you how many people just installed the
server, un-commented the ldap config, pointed it to their local ldap
server, tested with "radtest", and saw that it worked.
It really *is* that easy. Try it. If it doesn't work for you, then
there's something major going wrong.
*That's* why configurations are tested in pieces. If plain PAP
doesn't work when going to LDAP, then it's a complete and total waste of
your time to install and configure an 802.1x supplicant.
Alan DeKok.
More information about the Freeradius-Users
mailing list