I have a radius box set up using 1.0.1. Currently it is doing
authentication and working fine. I am trying to integrate in 802.1x
auth. I have the EAP-TTLS w/ PAP working fine with a users entry of
"username" User-Password == "test", but I am confused how the users
and authorize and authenticate sections of the radiusd file should be
set to have EAP look at an LDAP entry. I know I have to set the pap
module to md5 to work with the LDAP and that I will have a new
huntgroup just for the .1x authentication, but I am stumped from
there. Below is how my users file and radiusd look now, my question is
really how should they look when I intergrate in the .1x
Thanks in advance guys, you have helped me out in the past and I would
appreciate anything else you could do for me now.
- Joe
***radiusd.conf
...
authorize {
autztype VPN_LDAP {
redundant {
VPN_LDAP1
VPN_LDAP2
}
}
autztype Dial_LDAP {
redundant {
Dial_LDAP1
Dial_LDAP2
}
}
...
authenticate {
authtype VPN_LDAP {
redundant {
VPN_LDAP1
VPN_LDAP2
}
}
authtype Dial_LDAP {
redundant {
Dial_LDAP1
Dial_LDAP2
}
}
***users
DEFAULT Autz-Type := VPN_LDAP, Auth-Type := VPN_LDAP, Huntgroup-Name == VPN
DEFAULT Autz-Type := Dial_LDAP, Auth-Type := Dial_LDAP, Huntgroup-Name == DIAL
Service-Type == Framed-User,
Ascend-Assign-IP-Pool = 1,
Framed-IP-Address = 255.255.255.254,
Framed-MTU = 1524,
Service-Type = Framed-User,
Fall-Through = No
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
