Re: More documentation on Auth-Type

Mon, 07 Aug 2006 02:41:50 -0700 

Alan,
Refering to below config, each services having their own LDAP tree and specified under ldap module with different Auth-Type & Autz-type specified in radiusd.conf. How can I set in users file to search for which tree? Normally i detect NAS-Identifier, NAS-Port-Type as check item. If I specify Auth-Type & Autz-Type in users file, seems working but when up to EAP.. it's not working.... 

####################################################

) users
=====

DEFAULT     ????  (not to set Auth-Type but need to direct to certain LDAP
tree)



ii) radiusd.conf
==========

ldap adsl {
   basedn=ou=ADSL, ou=People...
}
ldap wifi {
   basedn=ou=wifi, ou=People...
}

Then .. in authenticate and authorize section :-

authorize {
   eap
   Autz-Type=ADSL {
       adsl
  }
   Autz-Type=WIFI {
        wifi
   }
}
authenticate {

   Auth-Type=ADSL {
       adsl
  }
   Auth-Type=WIFI {
        wifi
   }
   eap

}

iii) eap.conf

... some config...


##########################################
----- Original Message ----- From: "Alan DeKok" <[EMAIL PROTECTED]> 
To: "FreeRadius users mailing list" <[email protected]>
Sent: Monday, August 07, 2006 9:08 AM
Subject: Re: More documentation on Auth-Type



"Rohaizam Abu Bakar" <[EMAIL PROTECTED]> wrote:

I've read the docs about auth-type configuration. And agree that without
setting auth-type and leave FR to auto detect it, the auth will work even up 
to EAP. But sometimes we have to specify auth-type in order to search for
different tree in LDAP


 ... which isn't authentication.  You just described searching an
LDAP tree for information.  That's using LDAP for what it was designed
to do best: database lookups.

 Once the information is found in LDAP, the RADIUS server can do
CHAP, MS-CHAP, etc. for authentication.  LDAP servers don't handle
those authentication protocols, so you're stuck with using LDAP for DB
lookups, and RADIUS for authentication.


normally EAP sequence works OK but when up to comparing password, it will
failed. I've reported my problem a few times in mailing list.


 I don't recall seeing that, sorry.  What was the problem?

 Alan DeKok.
--
 http://deployingradius.com       - The web site of the book
 http://deployingradius.com/blog/ - The blog
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Reply via email to