Alexandros Gougousoudis wrote:
> A host-based authentication for my workstations. All the names of the
> workstations are in LDAP, the authentication itself should be done
> with EAP-TLS. I would like to have a hint, how to start EAP when the
> LDAP-Query was successful.

You don't. Instead, do reject the user if the LDAP query failed.

> The LDAP-Query works I think, FR says:
> [ldap] user scit-beerchen authorized to use remote access, but then it
> tries to make some kind of password authentication (I have no password
> for workstations in LDAP), and is not starting EAP-TLS. The asking host
> "scit-beerchen" is in the WLAN-User Group.
>
> What could I do?

Read the debug log you posted to the list. You're forcing Auth-Type, and using ntlm_auth for EAP-TLS. This is wrong. Don't force Auth-Type.

Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

