Alan,
Refering to below config, each services having their own LDAP tree and
specified under ldap module with different Auth-Type & Autz-type specified
in radiusd.conf. How can I set in users file to search for which tree?
Normally i detect NAS-Identifier, NAS-Port-Type as check item. If I specify
Auth-Type & Autz-Type in users file, seems working but when up to EAP.. it's
not working....
####################################################
) users
=====
DEFAULT ???? (not to set Auth-Type but need to direct to certain LDAP
tree)
ii) radiusd.conf
==========
ldap adsl {
basedn=ou=ADSL, ou=People...
}
ldap wifi {
basedn=ou=wifi, ou=People...
}
Then .. in authenticate and authorize section :-
authorize {
eap
Autz-Type=ADSL {
adsl
}
Autz-Type=WIFI {
wifi
}
}
authenticate {
Auth-Type=ADSL {
adsl
}
Auth-Type=WIFI {
wifi
}
eap
}
iii) eap.conf
... some config...
##########################################
----- Original Message -----
From: "Alan DeKok" <[EMAIL PROTECTED]>
To: "FreeRadius users mailing list" <[email protected]>
Sent: Monday, August 07, 2006 9:08 AM
Subject: Re: More documentation on Auth-Type
"Rohaizam Abu Bakar" <[EMAIL PROTECTED]> wrote:
I've read the docs about auth-type configuration. And agree that without
setting auth-type and leave FR to auto detect it, the auth will work even
up
to EAP. But sometimes we have to specify auth-type in order to search for
different tree in LDAP
... which isn't authentication. You just described searching an
LDAP tree for information. That's using LDAP for what it was designed
to do best: database lookups.
Once the information is found in LDAP, the RADIUS server can do
CHAP, MS-CHAP, etc. for authentication. LDAP servers don't handle
those authentication protocols, so you're stuck with using LDAP for DB
lookups, and RADIUS for authentication.
normally EAP sequence works OK but when up to comparing password, it will
failed. I've reported my problem a few times in mailing list.
I don't recall seeing that, sorry. What was the problem?
Alan DeKok.
--
http://deployingradius.com - The web site of the book
http://deployingradius.com/blog/ - The blog
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html