Using LDAP with EAP-TLS
Alan DeKok
aland at deployingradius.com
Mon May 16 15:17:51 CEST 2011
Alexandros Gougousoudis wrote:
> A host-based authentication for my workstations. All the names of the
> workstations are in LDAP, the authentication itself should be done
> with EAP-TLS. I would like to have a hint, how to start EAP when the
> LDAP-Query was successful.
You don't.
Instead, do reject the user if the LDAP query failed.
> The LDAP-Query works I think, FR says:
> [ldap] user scit-beerchen authorized to use remote access, but then it
> tries to make some kind of password authentication (I have no password
> for workstations in LDAP), and is not starting EAP-TLS. The asking host
> "scit-beerchen" is in the WLAN-User Group.
>
> What could I do?
Read the debug log you posted to the list.
You're forcing Auth-Type, and using ntlm_auth for EAP-TLS. This is wrong.
Don't force Auth-Type.
Alan DeKok.