Freeradius 2.1.5 and LDAP+EAP-TLS problem.
Ville Leinonen
ville.leinonen at solodel.com
Mon Mar 30 13:48:45 CEST 2009
Hi,
Never mind i figure out my problem. I add this line in my configuration:
ldap {
notfound = reject
}
So if user is not in my ldap. Then its rejected.
Br,
Ville
-----Original Message-----
From: freeradius-users-bounces+ville.leinonen=solodel.com at lists.freeradius.org on behalf of Ville Leinonen
Sent: Mon 30/03/2009 14:36
To: freeradius-users at lists.freeradius.org
Subject: Re: Freeradius 2.1.5 and LDAP+EAP-TLS problem.
Hi,
Maybe im not started this post clearly. So i try open again what i want to do.
I have a computer certificates.
I also have openldap and that ldap includes my computer accounts.
Now I want to use those certificates to authenticate
computers and get authorization information inside my ldap. If
computers dont have account in my ldap it's rejected.
But if i put only ldap in my authorization section radius gives:
"No authenticate method (Auth-Type) configuration found for the
request: Rejecting the user"
If i put also eap in authorization section, the radius uses eap
for authorization and give access-accept. Even if user not found
in ldap.
Br,
Ville
>Here is some other logs if i use only ldap for authorize section:
>
>You have butchered the configuration and now you are wondering why it's
>not working? If you don't know what you are doing - don't do it. If
>you feel the urge to disable something (disbling unused modules is
>hardly going to make any impact on preformance) get things working first
>- than remove things you feel you must one by one. If you remove
>something vital you will know what it was and will be able to put it
>back.
>Use default configuration. Configure *only* ldap module. Don't make
>*any* changes to virtual servers (authorize, authenticate etc.). And it
>will work.
>Ivan Kalik
>Kalik Informatika ISP
-------------- next part --------------
A non-text attachment was scrubbed...
Name: winmail.dat
Type: application/ms-tnef
Size: 3767 bytes
Desc: not available
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20090330/89e72f67/attachment.bin>
More information about the Freeradius-Users
mailing list