Conditional attributes with AD

Fajar A. Nugraha list at fajar.net
Tue Mar 6 22:59:37 CET 2012


On Wed, Mar 7, 2012 at 4:57 AM, Scott McLane Gardner <sgardne at uark.edu> wrote:
>
>
> On 3/6/12 3:55 PM, "Fajar A. Nugraha" <list at fajar.net> wrote:
>
>>On Wed, Mar 7, 2012 at 4:28 AM, Scott McLane Gardner <sgardne at uark.edu>
>>wrote:
>>> If anyone cares, I got this working by calling a script that contained
>>>the
>>> following:
>>
>>That's odd. Did you properly set up the AD as LDAP server in
>>raddb/modules/ldap (or whatever file name you use)?
>
> No, I didn't set it up as an LDAP server since you apparently can't use
> LDAP and EAP at the same time. (Unless I'm reading the documentation
> wrong.)

Yes, you can :)

You CAN'T use some EAP types (e.g. EAP-PEAP-MSCHAPv2) when
authenticating using LDAP bind (i.e. set Auth-Type to LDAP).

You CAN use LDAP as a plain database no matter what authentication
method you use (in this case you're simply using it for group check,
not for authentication).

-- 
Fajar
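
The setup described in the reply above, as an added illustration that is not part of the original message or of the FreeRADIUS project's shipped configuration: AD is queried over LDAP only for the group check, while PEAP-MSCHAPv2 is authenticated by the mschap module. It assumes FreeRADIUS 2.x syntax; the host name, DNs, group name and VLAN ID are constructed placeholders.

```text
# raddb/modules/ldap: AD used as a lookup database only (all values are placeholders)
ldap {
        server   = "dc1.example.org"
        # Read-only service account used for searches, not the user's own credentials
        identity = "cn=radius-lookup,cn=Users,dc=example,dc=org"
        password = "CHANGE_ME"
        basedn   = "dc=example,dc=org"
        filter   = "(sAMAccountName=%{%{Stripped-User-Name}:-%{User-Name}})"
        groupname_attribute    = cn
        groupmembership_filter = "(&(objectClass=group)(member=%{control:Ldap-UserDn}))"
        # Keep the module from selecting LDAP bind (Auth-Type LDAP) as the
        # authentication method; MSCHAPv2 carries no cleartext password to bind with.
        set_auth_type = no
}

# raddb/sites-available/inner-tunnel
authorize {
        mschap
        eap {
                ok = return
        }
        ldap            # lookup only; no "Auth-Type LDAP" block in authenticate
}

authenticate {
        # Assumption: mschap is already configured to verify against AD
        Auth-Type MS-CHAP {
                mschap
        }
        eap
}

post-auth {
        # Conditional reply attributes based on AD group membership.
        # These reach the NAS only if the peap section of the eap module
        # has use_tunneled_reply = yes.
        if (LDAP-Group == "wifi-staff") {
                update reply {
                        Tunnel-Type := VLAN
                        Tunnel-Medium-Type := IEEE-802
                        Tunnel-Private-Group-Id := "20"
                }
        }
}
```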


More information about the Freeradius-Users mailing list