David Dunn wrote:
You need to set Auth-Type in the users file. Since you don't the ldap module sets it to LDAP.
OK I understand, but what Auth-Type should I set in the users file?
It shouldn't be LDAP (I'll end up where I started). Nor PAP, as password is not available before the EAP-TLS tunnel has been established and authentication will fail. Set to EAP, once the password is sent through the TLS tunnel FR still expect EAP authentication and it failed.
Suggestions?
DEFAULT Auth-Type := PAP, Freeradius-Proxied-To == 127.0.0.1 Fall-Through = Yes
AFAIK: FR works so that after the EAP-TTLS tunnel is established it proxies all inner RADIUS requests to 127.0.0.1 where they reenter processing.
-- Lep pozdrav, Rok Papez.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html