On 16/05/11 13:32, Alexandros Gougousoudis wrote:
> Hi,
> I'm trying to make FR 2.1.10 on Squeeze work with my LDAP installation.
> What I want to do is:
> A host-based authentication for my workstations. All the names of the
> workstations are in LDAP, the authentication itself should be done
> with EAP-TLS. I would like to have a hint, how to start EAP when the
> LDAP-Query was successful. The LDAP-Query works I think, FR says:
> [ldap] user scit-beerchen authorized to use remote access, but then it
> tries to make some kind of password authentication (I have no password
> for workstations in LDAP), and is not starting EAP-TLS. The asking host
> "scit-beerchen" is in the WLAN-User Group.
> What could I do?

The reason it's failing is nothing to do with LDAP. It's because you've
added a module "ntlm_auth" to the authorize section.

[ntlm_auth] expand: --username=%{mschap:User-Name} -> --username=scit-beerchen
[ntlm_auth] expand: --password=%{User-Password} -> --password=
Exec-Program output: NT_STATUS_WRONG_PASSWORD: Wrong Password (0xc000006a)
Exec-Program-Wait: plaintext: NT_STATUS_WRONG_PASSWORD: Wrong Password (0xc000006a)
Exec-Program: returned: 1
++[ntlm_auth] returns reject
Using Post-Auth-Type Reject

You've broken the default configs by adding in modules you don't need
and don't understand.
Go back to the default configs. Then *just* configure LDAP, and things
will work.
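
An added example, not part of the original reply and not FreeRADIUS code: a small Python script that reads debug output like the lines quoted above and reports which module returned reject and which attribute reference expanded to an empty value. The `++[ldap] returns ok` line in the sample and the name `analyse` are constructed for illustration.

```python
import re

# Constructed sample: the debug lines quoted in the reply, preceded by a
# hypothetical "++[ldap] returns ok" line added for illustration.
SAMPLE_DEBUG = """\
++[ldap] returns ok
[ntlm_auth] expand: --username=%{mschap:User-Name} -> --username=scit-beerchen
[ntlm_auth] expand: --password=%{User-Password} -> --password=
Exec-Program output: NT_STATUS_WRONG_PASSWORD: Wrong Password (0xc000006a)
Exec-Program: returned: 1
++[ntlm_auth] returns reject
Using Post-Auth-Type Reject
"""

RETURN_RE = re.compile(r"^\s*\++\[(?P<module>[^\]]+)\] returns (?P<code>\w+)")
EXPAND_RE = re.compile(r"^\s*\[(?P<module>[^\]]+)\] expand: (?P<tmpl>.*?) -> (?P<value>.*)$")
ATTR_RE = re.compile(r"%\{[^}]+\}")


def analyse(debug_text):
    """Summarise module return codes and attribute references that expanded to nothing."""
    results, empty = [], []
    for line in debug_text.splitlines():
        m = RETURN_RE.match(line)
        if m:
            results.append((m.group("module"), m.group("code")))
            continue
        m = EXPAND_RE.match(line)
        if m:
            refs = ATTR_RE.findall(m.group("tmpl"))
            # If the expanded value equals the template with every %{...}
            # removed, the request carried no value for those attributes.
            if refs and m.group("value").strip() == ATTR_RE.sub("", m.group("tmpl")).strip():
                empty.append((m.group("module"), refs))
    first_reject = next((mod for mod, code in results if code == "reject"), None)
    return {"results": results, "first_reject": first_reject, "empty": empty}


if __name__ == "__main__":
    report = analyse(SAMPLE_DEBUG)
    for mod, code in report["results"]:
        print(f"{mod}: {code}")
    print("first reject:", report["first_reject"])
    for mod, refs in report["empty"]:
        print(f"{mod}: empty expansion of {', '.join(refs)}")
```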