Sam Schultz wrote:
> On Thu, 15 Mar 2007 10:57:29 -0500 joe vieira <[EMAIL PROTECTED]>
> wrote:
>
>> Alan DeKok wrote:
>>
>>> joe vieira wrote:
>>>
>>>> i have eap-peap authentication working against our ad domain. peachy
>>>> keen. what i would like to be able to do is, in our openldap
>>>> environment, store attributes for retrieval by radius, cisco stuff/
>>>> etc... i assume the way to do this would be to use the authorization
>>>> sections, but if you add ldap to that then it automatically adds ldap
>>>> authentication...which i don't want..
>>>
>>> Upgrade to a newer version of the server, which doesn't do that.
>>
>> which versions would that be?
>
> OK, I think I understand what you're asking. If you want to use LDAP
> for authorization ONLY, and something else for authentication, you
> could put an entry like this in your 'users' file:
>
> DEFAULT <check_items (ex: Realm == 'your_domain')>
>         Autz-Type := <your_ldap_instance (ex: ldap)>,
>         Auth-Type := <module_instance_for_authentication>
>
> Setting Autz-Type forces a certain type of authorization. Setting
> Auth-Type forces a certain type of authentication. Doing this in a
> DEFAULT entry causes ALL users that have Fall-Through set to yes to
> be passed through the specified authorization & authentication
> method.
> This could also be set on a per-user basis by changing DEFAULT to
> a given user's username.

so i did what you recommended, which makes sense to do... i have Autz-type := eap, and in debug mode i get this, clearly an access-reject follows:
auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
auth: Failed to validate the user.

obviously there is a module called eap..else the daemon would not start... what do you think?

Joe