EAP-GTC w/ "PAP-like" LDAP authentication
Ian Pilcher
arequipeno at gmail.com
Tue Jan 29 21:21:31 CET 2019
On 1/29/19 1:03 PM, Alan DeKok wrote:
> That configuration is intended for a different use-case. While they
> might work, they're not correct.
>
> My earlier recommendation is the correct approach.

Indeed. I was confused by the fact that the changes in that note make
radtest (and EAP-TTLS) work.

I've done a bit of testing, and I've come up with the following changes
required to make each "method" work. (In addition to the certificate &
LDAP configuration that is common across all 3 "methods.")

  * radtest
    - force Auth-Type LDAP in the authorize section of
      sites-available/default
    - enable LDAP authentication in the authenticate section of
      sites-available/default

  * EAP-TTLS
    - force Auth-Type LDAP in the authorize section of
      sites-available/inner-tunnel
    - enable LDAP authentication in the authenticate section of
      sites-available/inner-tunnel

  * EAP-GTC
    - set auth_type = LDAP in the gtc section of mods-available/eap
    - enable LDAP authentication in the authenticate section of
      sites-available/inner-tunnel

I hope I've got that right.

Thanks!
--
========================================================================
Ian Pilcher arequipeno at gmail.com
-------- "I grew up before Mark Zuckerberg invented friendship" --------
========================================================================
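The EAP-GTC and EAP-TTLS items from the message above, written out as FreeRADIUS 3.x configuration fragments. This is an added sketch, not configuration posted in the thread; it assumes the LDAP module instance is named `ldap` and shows only the lines that change.

```text
# mods-available/eap -- EAP-GTC item, first bullet.
# Inside the existing eap { ... } block, the gtc sub-section
# hands the cleartext GTC response to the LDAP authenticate handler.
gtc {
	auth_type = LDAP
}

# sites-available/inner-tunnel -- second bullet of both the
# EAP-TTLS and EAP-GTC items: an Auth-Type LDAP handler that
# calls the ldap module (assumed instance name) to do the bind.
authenticate {
	Auth-Type LDAP {
		ldap
	}
	eap
}

# sites-available/inner-tunnel -- EAP-TTLS item, first bullet.
# One way to "force" Auth-Type LDAP: set it in authorize once the
# ldap module has found the user and a User-Password is present.
authorize {
	ldap
	if ((ok || updated) && User-Password) {
		update control {
			Auth-Type := LDAP
		}
	}
	eap
}
```

For the radtest item the same authorize and authenticate changes go in sites-available/default instead of inner-tunnel.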