Kostas Kalevras wrote:

On Wed, 23 Feb 2005, Marc Boisis wrote:

Kostas Kalevras wrote:

On Tue, 22 Feb 2005, Marc Boisis wrote:

Hello world
I would like to force EAP-Type according to an ldap attribute. That is to say, between authorize and authenticate.
Is it possible, and how?



I think you just need to map the EAP-Type attribute to an ldap attribute in the user entry. That is, something like this:


dn: uid=user,ou=people,dc=company,dc=com
radiuscheckitem: EAP-Type := EAP-TTLS

authorize{
    eap
    [...]
    ldap
}

authenticate{
    eap
}



- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


-- Kostas Kalevras Network Operations Center [EMAIL PROTECTED] National Technical University of Athens, Greece Work Phone: +30 210 7721861 'Go back to the shadow' Gandalf



In fact I want to associate eap-type to the private-group-id attribute like this
if private-group-id==1
then EAP-Type=EAP-TTLS


if private-group-id==1
then EAP-Type=EAP-PEAP

but users file is not read between authorize and authenticate


YES it does!

How can I do this?



-- Kostas Kalevras Network Operations Center [EMAIL PROTECTED] National Technical University of Athens, Greece Work Phone: +30 210 7721861 'Go back to the shadow' Gandalf


I have written this in users:

DEFAULT Tunnel-Private-Group-ID == "1", EAP-Type := EAP-TLS

And this in radiusd.conf:
authorize {
    ldap
    files
    eap
}
authenticate {
    eap
}


and this is the return:

rlm_ldap: Adding radiusTunnelPrivateGroupId as Tunnel-Private-Group-ID, value 1 & op=11
rlm_ldap: Adding radiusTunnelMediumType as Tunnel-Medium-Type, value IEEE-802 & op=11
rlm_ldap: Adding radiusTunnelType as Tunnel-Type, value VLAN & op=11
rlm_ldap: user mdelavau authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 10
modcall[authorize]: module "files" returns notfound for request 10
modcall: group authorize returns updated for request 10
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 10
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap


As we can see, no match on users appears .....?
