[SOLVED] Re: LDAP bind user authentication

jopo jopo jopo9217 at gmail.com
Sun Oct 12 18:22:07 CEST 2014


> Then at the bottom of the authorize section, add this:
>
> if (User-Password) {
>     update control {
>         Auth-Type := ldap
>     }
> }
>
> Finally, in the authenticate section, insert just 'ldap' at the top and change the Auth-Type PAP stanza from the default to the below (which allows you to use the LDAP bind with things like EAP-TTLS/EAP-GTC, which uses PAP):
>
> Auth-Type PAP {
>     # pap
>     ldap
> }
>

This was exactly the thing that was missing. I didn't try this
solution because it clearly says in the config files "Auth-Type = LDAP
is almost always wrong". Is the section
Auth-Type LDAP {
   ldap
}

now obsolete? Why is it there in the first place, since the comment
above sounds to me pretty much like what i want.


> If you use FreeRADIUS 3.0.x, this becomes a *LOT* easier and straight-forward. The FreeRADIUS guys have built a repository for all major Linux platforms, so you can upgrade to the newest without waiting for your distribution to catch up.

Didn't knew that, maybe i'll upgrade. Thanks for the notice.


More information about the Freeradius-Users mailing list