I use FR 2.1.1 for WPA authentication, using TTLS+MSCHAPv2 and LDAP to store users and passwords (in LM/NT hash format). I tried several configurations:

Configuration 1:
- no changes in sites-enabled/default;
- in sites-enabled/inner-tunnel uncommented "ldap" in authorize and "Auth-Type LDAP" in authenticate.
Result: users get access even with an incorrect password. Why?

Configuration 2:
- in sites-enabled/default uncommented "ldap" in authorize and "Auth-Type LDAP" in authenticate;
- no changes in sites-enabled/inner-tunnel.
Result: users aren't authenticated.

Configuration 3:
- in sites-enabled/default uncommented "Auth-Type LDAP" in authenticate;
- in sites-enabled/inner-tunnel uncommented "ldap" in authorize.
Result: it seems to work correctly, users get access only with a correct password.

I can't quite understand the flow of the process between the two virtual servers :(

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
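For the flow the post asks about, here is an added example (not part of the original post, and not the FreeRADIUS default configuration copied verbatim) of how the two virtual servers divide the work for TTLS with an MSCHAPv2 inner method on FreeRADIUS 2.x: the access point's request is handled by `default`, the `eap` module decrypts the TTLS tunnel, and the inner request is handed to the virtual server named in `eap.conf`. The MSCHAPv2 inner request carries a challenge/response, not a cleartext password, so it is checked by `mschap` against the NT hash that `ldap` adds as a check item; there is nothing for an LDAP bind (`Auth-Type LDAP`) to bind with. The attribute names `sambaNTPassword`/`sambaLMPassword` are an assumption (Samba schema), since the post does not say which LDAP attributes hold the hashes.

```unlang
# eap.conf (FreeRADIUS 2.x): the eap module decrypts the TTLS tunnel and
# hands the decrypted inner request to the virtual server named here.
eap {
    default_eap_type = ttls
    ttls {
        default_eap_type = mschapv2
        copy_request_to_tunnel = no
        use_tunneled_reply = no
        virtual_server = "inner-tunnel"
    }
}

# ldap.attrmap: which LDAP attributes become which RADIUS check items.
# Attribute names are an assumption (Samba schema); adjust to your schema.
checkItem  NT-Password  sambaNTPassword
checkItem  LM-Password  sambaLMPassword

# sites-enabled/default: handles the OUTER request from the access point.
# It only ever sees EAP-Message/TLS data, never the user's credentials,
# so eap is all it needs. ldap and Auth-Type LDAP stay commented out here.
server default {
    authorize {
        preprocess
        eap {
            ok = return
        }
    }
    authenticate {
        eap
    }
}

# sites-enabled/inner-tunnel: handles the decrypted INNER request.
#  - mschap in authorize sees MS-CHAP-Challenge/MS-CHAP2-Response and
#    sets Auth-Type := MS-CHAP.
#  - ldap in authorize looks the user up and adds NT-Password (from the
#    attrmap above) as a check item; it does NOT bind as the user.
#  - the mschap module then verifies the response against that hash.
# Auth-Type LDAP (bind with User-Password) stays commented out: an
# MSCHAPv2 inner request carries no User-Password to bind with.
server inner-tunnel {
    authorize {
        mschap
        ldap
        eap {
            ok = return
        }
    }
    authenticate {
        Auth-Type MS-CHAP {
            mschap
        }
        eap
    }
}
```

A quick check after changing the files: run `radiusd -X` and watch the inner request in the debug output for `NT-Password` being added by `ldap` in authorize and for `Found Auth-Type = MSCHAP` before `mschap` runs; if you see `Auth-Type = LDAP` on an inner MSCHAPv2 request instead, the bind path is being chosen and the hash is not being used.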