After searching for a solution, I found a comment from Alan that advises not to set Auth-Type := LDAP, because LDAP does not do authentication; EAP does. Let the server figure it out itself. In the case of EAP, LDAP just extracts the password for EAP to do the authentication.

But the problem is, my RADIUS server needs to serve a few services, such as ADSL, WiFi, dial-up, etc. Each service has its own LDAP tree for better management. So in radiusd.conf there will be a few ldap modules. See below:


How do I set up the users file so that WiFi users perform EAP but get LDAP info from a certain LDAP tree, without having to set Auth-Type?



i) users
=====

DEFAULT ???? (not to set Auth-Type but need to direct to certain LDAP tree)



ii) radiusd.conf
==========

ldap adsl {
   basedn=ou=ADSL, ou=People...
}
ldap wifi {
   basedn=ou=wifi, ou=People...
}

Then, in the authenticate and authorize sections:

authorize {
   eap
   Autz-Type=ADSL {
      adsl
   }
   Autz-Type=WIFI {
      wifi
   }
}
authenticate {
   Auth-Type=ADSL {
      adsl
   }
   Auth-Type=WIFI {
      wifi
   }
   eap
}

iii) eap.conf

... some config...


----- Original Message -----
From: "Phil Mayers" <[EMAIL PROTECTED]>
To: "FreeRadius users mailing list" <[email protected]>
Sent: Saturday, June 24, 2006 5:37 PM
Subject: Re: EAP-MD5 with LDAP


Rohaizam Abu Bakar wrote:
Hi..

Using FB 6.0
FR 1.0.5

Trying to configure EAP-MD5 with an LDAP backend...

But it keeps reporting:

rlm_ldap: Attribute "User-Password" is required for authentication.



EAP-MD5 requires you have the plaintext password (in the LDAP server, in this case). If you do not, you cannot do EAP-MD5. If you do, configure the LDAP server to give the plaintext password to the radius server (usually in userPassword) and the radius server to map that into User-Password (done by default) and it will work.

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html



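The plaintext-password requirement for EAP-MD5 mentioned in the quoted reply, as an added example that is not part of the original thread and is not FreeRADIUS code: the server has to recompute MD5(Identifier || password || Challenge) itself (RFC 3748 section 5.4), which a one-way hash in userPassword does not allow. The identifier, challenge, password and salt are constructed sample values, and treating any "{SCHEME}" prefix as a hash is an assumption of this example.

```python
import base64
import hashlib
import hmac

def eap_md5_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    # RFC 3748 section 5.4 (same as CHAP, RFC 1994): MD5(Identifier || secret || Challenge)
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()

def ssha(password: bytes, salt: bytes) -> str:
    # Salted SHA-1 as commonly stored in userPassword: {SSHA}base64(sha1(pw+salt)+salt)
    return "{SSHA}" + base64.b64encode(hashlib.sha1(password + salt).digest() + salt).decode()

def server_verify(stored: str, identifier: int, challenge: bytes, response: bytes) -> bool:
    # Assumption for this example: a "{SCHEME}" prefix marks a one-way hash,
    # anything else is the cleartext password.
    if stored.startswith("{"):
        raise ValueError("EAP-MD5 needs the cleartext password, got " + stored.split("}")[0] + "}")
    expected = eap_md5_response(identifier, stored.encode(), challenge)
    return hmac.compare_digest(expected, response)

# Constructed sample values, not taken from the thread.
IDENTIFIER = 7
CHALLENGE = bytes(range(16))
PASSWORD = "wifi-secret"

def demo() -> dict:
    # What the supplicant sends back after receiving the challenge.
    peer = eap_md5_response(IDENTIFIER, PASSWORD.encode(), CHALLENGE)
    hashed = ssha(PASSWORD.encode(), b"\x01\x02\x03\x04")
    results = {
        "cleartext_ok": server_verify(PASSWORD, IDENTIFIER, CHALLENGE, peer),
        "wrong_password": server_verify("guess", IDENTIFIER, CHALLENGE, peer),
        # Using the hash string itself as the secret does not reproduce the response.
        "hash_as_secret": hmac.compare_digest(
            eap_md5_response(IDENTIFIER, hashed.encode(), CHALLENGE), peer),
    }
    try:
        server_verify(hashed, IDENTIFIER, CHALLENGE, peer)
        results["hashed_rejected"] = False
    except ValueError:
        results["hashed_rejected"] = True
    return results

if __name__ == "__main__":
    print(demo())
```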