Hi Christophe.
Christophe Saillard says:
For the moment I use Freeradius with EAP-TTLS and it works fine... now I'd like to get users' credentials from an existing LDAP database.
The LDAP server sends me a valid MD5 hashed password but I think something failed in my users file configuration.
You should run the server in debug mode and check the output. I use this command: radiusd -Xxxx 2>&1 | tee logfile
Does someone have such a working configuration ? If so, can you send a copy ?
modules {
    ldap {
        server = "localhost"
        basedn = "ou=employees,dc=org,dc=tld"
        filter = "(PrincipalName=%{User-Name})"
        start_tls = no
    }
[...]
authorize {
    preprocess
    auth_log
    attr_rewrite
    suffix
    group {
        # the files also activates EAP for user anonymous
        files {
            notfound = 1
            ok = return
        }
        ldap
    }
}
authenticate {
    Auth-Type EAP {
        eap
    }
    Auth-Type PAP {
        pap
    }
    Auth-Type LDAP {
        ldap
    }
}
In the users file I have:
########################################################
# User anonymous and [EMAIL PROTECTED] should be allowed #
# activate eap for them #
########################################################
anonymous Auth-Type := EAP

########################################################
# Accounting fix for AP #
# LDAP authentication for local users #
########################################################
DEFAULT Realm == org.tld, Freeradius-Proxied-To == 127.0.0.1
        User-Name = `%{User-Name}`,
        Fall-Through = yes

DEFAULT Realm == org.tld, Auth-Type := LDAP, Ldap-UserDN := `PrincipalName=%{User-Name},ou=employees,dc=org,dc=tld`, Freeradius-Proxied-To == 127.0.0.1

-- Best regards, Rok Papez.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
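
Added example, not part of the original message or of FreeRADIUS: a check of a cleartext password (as PAP inside the EAP-TTLS tunnel delivers it) against an LDAP userPassword value. It assumes the "MD5 hashed password" is stored in the RFC 2307-style `{MD5}` base64 form, which the message does not state; `check_ldap_password` and `sample_md5_value` are hypothetical names, and the salted and SHA-1 schemes go beyond the case in the thread.

```python
import base64
import hashlib
import hmac

# scheme -> (hash algorithm, digest length); salted forms append the salt
# after the digest inside the base64 payload.
SCHEMES = {
    "MD5": ("md5", 16),
    "SMD5": ("md5", 16),
    "SHA": ("sha1", 20),
    "SSHA": ("sha1", 20),
}


def check_ldap_password(stored: str, cleartext: str) -> bool:
    """Return True if cleartext matches an RFC 2307-style userPassword value."""
    if not (stored.startswith("{") and "}" in stored):
        # No scheme prefix: the directory holds the password in the clear.
        return hmac.compare_digest(stored.encode(), cleartext.encode())
    scheme, _, payload = stored[1:].partition("}")
    scheme = scheme.upper()
    if scheme not in SCHEMES:
        raise ValueError(f"unsupported scheme: {scheme}")
    algo, dlen = SCHEMES[scheme]
    try:
        raw = base64.b64decode(payload, validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return False
    digest, salt = raw[:dlen], raw[dlen:]
    # Reject truncated digests, and trailing bytes on the unsalted schemes.
    if len(digest) != dlen or (salt and scheme in ("MD5", "SHA")):
        return False
    calc = hashlib.new(algo, cleartext.encode() + salt).digest()
    return hmac.compare_digest(calc, digest)  # constant-time comparison


def sample_md5_value(password: str) -> str:
    """Build a constructed {MD5} value for testing (not taken from the thread)."""
    digest = hashlib.md5(password.encode()).digest()
    return "{MD5}" + base64.b64encode(digest).decode()


if __name__ == "__main__":
    stored = sample_md5_value("secret")  # constructed sample
    print(stored, check_ldap_password(stored, "secret"))
    print(check_ldap_password(stored, "wrong"))
```

A comparison like this needs the cleartext password, so it works with PAP but not with CHAP or MS-CHAP inner methods; unsalted `{MD5}` values are also cheap to brute-force if the directory is exposed.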

