>> DEFAULT <check_items (ex: Realm == 'your_domain')> >> Autz-Type := <your_ldap_instance (ex: ldap)>, >> Auth-Type := <module_instance_for_authentication>
>so i did what you recommended, which makes sense to do... i have >Autz-type := eap, and in debug mode i get this clearly an access- reject >follows. > >auth: No authenticate method (Auth-Type) configuration found for the >request: Rejecting the user >auth: Failed to validate the user. First off, eap shouldn't be used this way. The top line of eap.conf clearly states: "Whatever you do, do NOT set 'Auth-Type := EAP'. The server is smart enough to figure this out on its own" Typical modules that would be used here are things like 'files', 'ldap', or 'sql'. There are also special types like 'Local' & 'System', which you'd have to use one of if you were using an sql table to store user credentials. The second thing you have to understand is the difference between modules & instances. An instance is a specific configuration of a module. The instance itself has a name that is user-specified. I suggest you read through the configurable_failover document, which is usually in /usr/share/doc/freeradius-<version>, it isn't long and offers pretty good insight into how freeradius' configuration gets processed. Also, if you need to use a seperate back-end for authentication, maybe you should tell us what you need to use so we can give you more specific answers. -- Click for free info on online degrees and make $150K/ year http://tagline.hushmail.com/fc/CAaCXv1WBTC2SZD08y4Fk4U6rprEfbhG/ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html