rlm_ldap + bind as user authentication
Stefan Paetow
Stefan.Paetow at ja.net
Fri Jul 18 10:31:43 CEST 2014
Thank you Arran :-)
I'll update the Wiki page at some point (next week) with this information :-)
Stefan
________________________________________
From: freeradius-users-bounces+stefan.paetow=ja.net at lists.freeradius.org [freeradius-users-bounces+stefan.paetow=ja.net at lists.freeradius.org] on behalf of Arran Cudbard-Bell [a.cudbardb at freeradius.org]
Sent: 17 July 2014 18:51
To: FreeRadius users mailing list
Subject: Re: rlm_ldap + bind as user authentication
On 17 Jul 2014, at 12:48, Stefan Paetow <Stefan.Paetow at ja.net> wrote:
> Oh, and I just realised… If I’m using EAP-GTC as the inner type in an EAP conversation, I only need to replace the ‘pap’ in Auth-Type PAP (in the authenticate section) with ‘ldap’ and it binds ok.
>
> But – Is that the recommended way of doing it?
What I didn't realise before was deep in the darkest murkiest depths of the server core,
is some logic which auto creates the auth types for modules listed in authenticate.
so if you do

    authorize {
        if (User-Password) {
            update control {
                Auth-Type := ldap
            }
        }
    }
    authenticate {
        ldap
    }

Should work fine.

If you're doing EAP then this will need to be in the inner tunnel, with EAP listed before
the if statement (or at least that's the most efficient way).
-Arran
Arran Cudbard-Bell <a.cudbardb at freeradius.org>
FreeRADIUS development team
FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2
Janet(UK) is a trading name of Jisc Collections and Janet Limited, a
not-for-profit company which is registered in England under No. 2881024
and whose Registered Office is at Lumen House, Library Avenue,
Harwell Oxford, Didcot, Oxfordshire. OX11 0SG. VAT No. 614944238
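
The inner-tunnel arrangement described in the thread, written out as an added example (it is not from the thread or from the FreeRADIUS project). It assumes the stock `inner-tunnel` virtual server name and an `ldap` module instance that is already configured to search for and bind as the user.

```unlang
# Constructed fragment of an inner-tunnel virtual server (FreeRADIUS v3 syntax).
# Assumptions: server name "inner-tunnel", an enabled and configured "ldap" module.
server inner-tunnel {
    authorize {
        # EAP is listed first. While an inner EAP conversation is in
        # progress, "ok = return" ends authorize here, so the check below
        # (and any directory lookups added after it) is not evaluated for
        # every round trip of the inner method.
        eap {
            ok = return
        }

        # Reached only for inner requests that are not handled by eap,
        # for example a tunnelled PAP request. Bind-as-user needs the
        # cleartext password, so it is only selected when User-Password
        # is present in the request. Inner methods that never expose the
        # cleartext password (such as MS-CHAPv2) cannot be authenticated
        # by an LDAP bind.
        if (User-Password) {
            update control {
                Auth-Type := ldap
            }
        }
    }

    authenticate {
        # Listing the module here is what creates the "ldap" Auth-Type
        # that the authorize section refers to.
        ldap

        # Still required so inner EAP methods can complete.
        eap
    }
}
```

Because the password reaches the server in cleartext inside the tunnel, the bind to the directory should itself run over TLS, and the outer method's server certificate validation on clients is what keeps that password from being handed to a rogue RADIUS server.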