=?iso-8859-1?Q?Alejandro_Mart=EDnez_Marcos?= <[EMAIL PROTECTED]> wrote:
> I would like to authorize the user against LDAP, and if LDAP
> returns error or not found set Auth-Type = Reject. What do I
> have to write in radiusd.conf to get this?
Nothing.
> I know that if no Auth-Type is set, the user will also be rejected, but
> this is not enough for me, because my authorize modulus is like this:
> authorize {
> eap
> ldap
> }
> Although the user is not present in ldap, the eap inizialization is
> setting Auth-Type = EAP!!
The EAP module doesn't supply a password, but it needs one to do
EAP. So if the LDAP module doesn't supply one either, EAP
authentication will fail.
"Auth-Type = EAP" says to TRY to authenticate the user via EAP. If
there's no password, that authenticatsion will fail.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
