Hi
thanks for the suggestion.
I achieved my target in this way:
Users file:
DEFAULT NAS-IP-Address == "194.116.9.153", Autz-Type:=EAP
DEFAULT Auth-Type ==  EAP, Autz-Type:=LDAP

Radiusd file:
authorize {
        preprocess
        files
        Autz-Type EAP {
                eap
        }
        Autz-Type LDAP {
                ldap
        }
}
authenticate {
        Auth-Type MS-CHAP {
                mschap
        }
        eap
}

I still have a problem with the 1.0.0 and 1.0.1 versions.
I have compared the logs and the differences are:
in 1.0.0 / 1.0.1
 rlm_eap_tls: Received EAP-TLS ACK message
 rlm_eap_tls: No SSL info available. Waiting for more SSL data.
 eaptls_verify returned 1
 eaptls_process returned 13
  rlm_eap_peap: EAPTLS_HANDLED

in 1.0.0pre1
 rlm_eap_tls: Received EAP-TLS ACK message
 rlm_eap_tls: ack handshake is finished
 eaptls_verify returned 3
 eaptls_process returned 3
 rlm_eap_peap: EAPTLS_SUCCESS

Any idea?

Thanks
Best regards

Sergio Sagliocco


Alan DeKok wrote:

Sergio Sagliocco <[EMAIL PROTECTED]> wrote:


I've tried a simpler configuration but I still have problems

My users file is
DEFAULT NAS-IP-Address == 192.168.9.153, Authz-Type:=LDAP



No, it's not. There's no "Authz-Type" attribute.

 When posting to the list, DO NOT re-type the data from your
configuration files.  CUT AND PASTE it instead.  Re-typing the data is
a guaranteed way to confuse everybody, and to make it impossible to
solve your problem.



When I try to authenticate the log shows these errors:
.....
modcall: entering group authorize for request 8
modcall[authorize]: module "preprocess" returns ok for request 8
modcall[authorize]: module "files" returns notfound for request 8



You might want to check that. You want it to match an entry in the "users" file, and it's telling you that it hasn't matched anything.

 Try fixing that.



If the authorize section is
authorize {
preprocess
eap
ldap
}
and the users file is empty it works fine



Yes, because you're now telling it to call LDAP. Previously, you weren't telling it to call LDAP, and the server told you it wasn't being told to call LDAP.

 Alan DeKok.

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html






--
Sergio SAGLIOCCO
SecureLAB - System & Network Security CSP s.c. a r.l. ______________________________________________
Villa Gualino
Viale Settimo Severo, 63 - 10133 Torino [IT]
tel. +39 011 481 5140 - Mobile +39 348 6024078 fax +39 011 481 5001 ______________________________________________




