802.1x EAP + Adtran authenticating on same radius server

Alan DeKok aland at deployingradius.com
Thu Mar 20 23:31:50 CET 2014

Alvin Ramos wrote:
> Is it possible to have 802.1x EAP and Adtran to authenticate to
> freeradius?

  You're mixing terminology.  EAP is an authentication protocol.
Adtrans is a vendor.

  So... what *authentication method* is being used by Adtran?  If you
run the server in debugging mode, you'll see.

> I’ve got the 802.1x EAP authenticating to Active Directory,
> but, when I add in the users file:
> Default LDAP-Group!="NetworkAdmins", Auth-Type := NTLM
> I can login to the adtran device, but not to the 802.1x EAP.

  *Why* did you add that to the "users" file?

  In the absence of *reasons*, it looks like you're making random
changes, and hoping it will magically work.  It won't.

  Run the server in debugging mode, and read the output.  Look at the
output in one situation, and compare it to the other.  You will be able
to see that the packets are different.

  Then, write policies which check for those differences, and implement
rule 1 for situation 1, and rule 2 for situation 2.

  Don't use the "users" file.  It's not generic enough.  Just put the
rules directly into raddb/sites-enabled/default, in the "authorize"
section.  See "man unlang" for syntax, etc.

  I can't give you more specific help, because your message is pretty
much content free.  If you want more details in an answer, post more
details in your questions.

> Should I provide more information?

  The FAQ, "man" page, web pages, and messages every day on this list
say to post the debug output.  Please do so.

  Alan DeKok.

More information about the Freeradius-Users mailing list