When to ldap?
Dean, Barry
B.Dean at liverpool.ac.uk
Wed May 12 15:49:23 CEST 2010
I am working on a new radius config and have been trying to avoid the lookup in LDAP I have been seeing for the outer identity.
I have moved to 2.1.8 with the inner-tunnel virtual host enabled.
I have an authorise section for the relevant virtual server that has:
    authorize {
        preprocess
        auth_log
        chap
        mschap
        suffix
        eap {
            ok = return
        }
        files
        if (!EAP-Message) {
            ldap
        }
        expiration
        logintime
        pap
    }
The "if(!EAP-Message)" works a treat at preventing an LDAP lookup for the outer identity, but if I want to send a basic User-Name/User-Password type auth request after checking with LDAP and returning "Remote access is permitted", I then see:
No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
What am I missing to tell the "authenticate" section below what I want to do next?
    authenticate {
        Auth-Type PAP {
            pap
        }
        Auth-Type CHAP {
            chap
        }
        Auth-Type MS-CHAP {
            mschap
        }
        unix
        Auth-Type LDAP {
            ldap
        }
        Auth-Type EAP {
            eap
        }
        eap
    }
I presume:
    if (!EAP-Message) {
        ldap
    }
Fails to set Auth-Type LDAP?
----------------------
Barry Dean
Principal Programmer/Analyst
Networks Group
Computing Services Department
Tel: 0151 795 9540