Sorry about that Alan, I knew the post was somewhat cryptic when I
wrote it (too many hours awake). I started off basic two years ago and
I have the set up working doing all of the authentication for the VPN
and Dial accounts since then. I am now doing some testing of adding
.1x into the mix. The users/pass are stored on the 2 redundant LDAPs
and different groups have different attributes which allow them to
access resources, and RADIUS talks to several remote access devices. I
guess what I basically need to know is what the users file should look
like so FreeRADIUS knows what is going on. I was thinking along these
lines:

DEFAULT Auth-Type := EAP, Huntgroup-Name == 1X

But that doesn't tell radius to use LDAP or which attribute to look
for. One of the hang ups in my first implementation was because I had
the same LDAP serving several different communities and all requiring
different attributes, which led me to use Autz-Type on the
recommendation of a user on this board. I want to try something like
this (setting up a new ldap attribute):

DEFAULT Autz-Type := 1X_LDAP, Auth-Type := EAP, Huntgroup-Name == 1X

But I know that is not going to work. I hope this gave a better
insight into what I was going for, if not I will try banging away at
it again tomorrow.

thanks again,

- Joe

On Wed, 15 Dec 2004 18:52:52 -0500, Alan DeKok <[EMAIL PROTECTED]> wrote:
> Joe Raviele <[EMAIL PROTECTED]> wrote:
> > I have a radius box set up using 1.0.1. Currently it is doing
> > authentication and working fine. I am trying to integrate in 802.1x
> > auth. I have the EAP-TTLS w/ PAP working fine with a users entry of
> > "username" User-Password == "test", but I am confused how the users
> > and authorize and authenticate sections of the radiusd file should be
> > set to have EAP look at an LDAP entry.
> 
>   You don't.  LDAP doesn't do EAP.  LDAP stores passwords, gives them
> to FreeRADIUS, and FreeRADIUS does EAP.
> 
>   My suggestion is to start with the default configuration, and
> gradually add pieces to it until it does what you want.  If you try to
> configure everything all at once, it will be too difficult for you to
> figure out what might have gone wrong.
> 
>   Alan Dekok.
> 
> - 
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
