Hi, > So I'm moving from an old 1.1.3 (running on rhel5) to 2.1.10 (rhel6). We use > EAP-TTLS > PAP which authenticates against openldap and > dynamically assigns vlans based on ldap group properties. I seem to have > gotten the authentication working, but the vlan assignment > doesn't appear to be happening. All of our users end up in the default vlan > (60). I'm getting a 'No "known good" password' error, > but the bind still seems to be succeeding. Output of radiusd -X is below.
if you take the standard initial 2.1.10 config and then edit the bits you need, then you'll see that for this setup, the most important file for you to deal with is the inner-tunnel virtual server....thats what handles the EAP. so long as you've edited eap.conf correctly so that the certs are correct then things will work. your config suggests that your chosen method, EAP-TTLS isnt the default type in eap.conf you also need to 'copy_request_to_tunnel' for the eap-TTLS (in eap.conf) for the return attributes to work. alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
