Hi All,

The last week I've had my first encounter with FreeRADIUS as we were supposed to deploy eduroam. I had a lot of fun doing it, although I have dreamt about the config files after a couple of days :)

Everything is working as it should, so no worries there, but I'm curious about something. I configured the proxies and the local realm. When I did a radtest like this:

    radtest [email protected] password 127.0.0.1 1 secret

I would get an Accept-Accept. The debug output would show that first a bind and then an LDAP search is performed in our eDirectory.

Okay! Fun times, I thought, let's try it on my mobile phone, because a test account I got from an academic institution in the UK worked, so local authentication should work as well! I entered the credentials, but now comes the difference. Using a Wifi device made the LDAP search fail because it tried to authenticate the [email protected] instead of stripping the suffix. I've been staring at the config files to see if I got the LDAP filter defined two times somewhere, but that doesn't seem to be the case.

Now, this wasn't a really big problem, because users can be pretty stupid and we decided to let them authenticate using their email address instead of their username@domain, which would lead to too much confusion for them.

The LDAP filter was:

    filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"

Is now:

    filter = "(|(cn=%{Stripped-User-Name:-%{User-Name}})(mail=%{User-Name}))"

The proxy.conf lines right before it's defaulted to eduroam:

    realm ettyhillesumlyceum.nl { }

Does anyone have an idea why radtest would behave differently from an 802.1x login?

Regards,
Bas
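An added example, not part of the original post and not FreeRADIUS code: a simplified Python model of the `%{Attr:-fallback}` expansion that shows what the two filters above become when Stripped-User-Name is set and when it is not. The user name `testuser`, the function names and the RFC 4515 escaping are assumptions of the example.

```python
# Simplified model of the %{Attr:-fallback} expansion used in the two
# filters from the post. Not FreeRADIUS code; the user name is constructed.

def ldap_escape(value):
    """Escape a value for an LDAP search filter (RFC 4515 rules, assumed)."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def expand(template, attrs):
    """Expand %{Attr} and %{Attr:-fallback}; the fallback may nest %{...}."""
    out, i = [], 0
    while i < len(template):
        if not template.startswith("%{", i):
            out.append(template[i])
            i += 1
            continue
        depth, j = 1, i + 2          # scan to the matching closing brace
        while j < len(template) and depth:
            if template.startswith("%{", j):
                depth += 1
                j += 2
                continue
            if template[j] == "}":
                depth -= 1
            j += 1
        if depth:
            raise ValueError("unbalanced %{ in template")
        name, has_default, fallback = template[i + 2:j - 1].partition(":-")
        value = attrs.get(name)
        if value:                    # attribute present: use it, escaped
            out.append(ldap_escape(value))
        elif has_default:            # attribute absent: expand the fallback
            out.append(expand(fallback, attrs))
        i = j
    return "".join(out)

OLD_FILTER = "(uid=%{Stripped-User-Name:-%{User-Name}})"
NEW_FILTER = "(|(cn=%{Stripped-User-Name:-%{User-Name}})(mail=%{User-Name}))"

# Constructed requests: the same login with and without a stripped name.
STRIPPED = {"User-Name": "testuser@ettyhillesumlyceum.nl",
            "Stripped-User-Name": "testuser"}
UNSTRIPPED = {"User-Name": "testuser@ettyhillesumlyceum.nl"}

if __name__ == "__main__":
    for label, request in (("stripped", STRIPPED), ("unstripped", UNSTRIPPED)):
        print(label, "old:", expand(OLD_FILTER, request))
        print(label, "new:", expand(NEW_FILTER, request))
```

Comparing the printed filters with the search filter in the server's debug output shows which of the two cases a given request fell into.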

