hey Phil, hey list, Phil Mayers sagte: > Michael Messner wrote: >>> Use the "ldap" module to query AD and add attributes to the reply >>> dynamically. For example: >>> >>> DEFAULT Ldap-Group == "cn=students,dc=domain,dc=com" >>> Filter-Id = "Enterasys:version=1:mgmt=su:policy=userrole" >>> >>> ...or similar. >> >> But as I understood I can't use PEAP or MD5 authentication, am I >> right? So there is nothing with 802.1x security?!? > > You can use LDAP just for the group checking. You don't have to use it > for processing the authentication. So if you've already got 802.1x > working e.g. using the mschap module and ntlm_auth, you can carry on > using that.
> > Easiest is to re-order the modules like so: > > authorize { > preprocess > > # let the various auth types get detected and set > chap > mschap > eap > > # now process the other stuff > ldap > files > } > > ...and remove the "Auth-Type LDAP" section from "authenticate" > real great, everything works now! :-) thanks a lot for your help ca mIke - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html