Doubt about default and inner-tunnel
Giovanni Lovato
giovanni.lovato at aldu.net
Sun Oct 5 21:22:00 CEST 2008
I use FR 2.1.1 for WPA authentication, using TTLS+MSCHAPv2 and LDAP to
store users and passwords (in LM/NT hash format). I tried several
configurations:

Configuration 1:
- no changes in sites-enabled/default;
- in sites-enabled/inner-tunnel uncommented "ldap" in authorize and
  "Auth-Type LDAP" in authenticate.
Result: users get access even with an incorrect password. Why?

Configuration 2:
- in sites-enabled/default uncommented "ldap" in authorize and
  "Auth-Type LDAP" in authenticate;
- no changes in sites-enabled/inner-tunnel.
Result: users aren't authenticated.

Configuration 3:
- in sites-enabled/default uncommented "Auth-Type LDAP" in authenticate;
- in sites-enabled/inner-tunnel uncommented "ldap" in authorize.
Result: it seems to work correctly, users get access only with a correct
password.

I can't quite understand the flow of the process between the two virtual
servers :(