EAP-PEAP GTC auth_type

tnt at kalik.net tnt at kalik.net
Thu Feb 26 11:14:37 CET 2009

>Great! It works perfectly.
>Other than enabling ldap in authorize and authenticate in
>inner-tunnel, I also had to change eap.conf's gtc section to auth_type
>= LDAP.
>This works, but it brings up another problem. Setting auth_type to
>PAP, Local, or commented out on gtc section does not work for LDAP. On
>the other hand, If I set auth_type = LDAP, PEAP-GTC with system user
>(which works if I set auth_type = PAP on gtc section) does not work.
>Is there a way I can authenticate with BOTH system user and LDAP using PEAP-GTC?
>the main radiusd.conf can have multiple authorize methods available,
>right? Why does gct have to explicitly set auth_type?

Leave gtc as pap. Change set_auth_type to no in ldap module
configuration. Module will then just collect the password and pass it to
pap module for authentication. It will not do "bind as user" ldap

Ivan Kalik
Kalik Informatika ISP

More information about the Freeradius-Users mailing list