rlm_ldap + bind as user authentication

Arran Cudbard-Bell a.cudbardb at freeradius.org
Thu Jul 17 19:51:45 CEST 2014


On 17 Jul 2014, at 12:48, Stefan Paetow <Stefan.Paetow at ja.net> wrote:

> Oh, and I just realised… If I’m using EAP-GTC as the inner type in an EAP conversation, I only need to replace the ‘pap’ in Auth-Type PAP (in the authenticate section) with ‘ldap’ and it binds ok.
>  
> But – Is that the recommended way of doing it?

What I didn't realise before was that deep in the darkest, murkiest depths of the server core
is some logic which auto-creates the auth types for modules listed in authenticate.

So if you do

authorize {
	if (User-Password) {
		update control {
			Auth-Type := ldap
		}
	}
}

authenticate {
	ldap
}

Should work fine.

If you're doing EAP then this will need to be in the inner tunnel, with EAP listed before
the if statement (or at least that's the most efficient way).

-Arran


Arran Cudbard-Bell <a.cudbardb at freeradius.org>
FreeRADIUS development team

FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2
