Hi Christophe.

Christophe Saillard wrote:

For the moment I use Freeradius with EAP-TTLS and it works fine... now I'd like to get users' credentials from an existing LDAP database.

The LDAP server sends me a valid MD5 hashed password but I think something failed in my users file configuration.

You should run the server in debug mode and check the output. I use this command: radiusd -Xxxx 2>&1 | tee logfile

Does someone have such a working configuration? If so, can you send a copy?

modules {
       ldap {
               server = "localhost"
               basedn = "ou=employees,dc=org,dc=tld"
               filter = "(PrincipalName=%{User-Name})"
               start_tls = no
       }
       [...]

authorize {
       preprocess
       auth_log
       attr_rewrite
       suffix
       group {
               # the files also activates EAP for user anonymous
               files {
                       notfound = 1
                       ok = return
               }
               ldap
       }
}


authenticate {
       Auth-Type EAP {
               eap
       }
       Auth-Type PAP {
               pap
       }
       Auth-Type LDAP {
               ldap
       }
}



In the users file I have:
########################################################
# User anonymous and [EMAIL PROTECTED] should be allowed #
# activate eap for them                                #
########################################################
anonymous       Auth-Type := EAP

########################################################
# Accounting fix for AP                                #
# LDAP authentication for local users                  #
########################################################
DEFAULT         Realm == org.tld, Freeradius-Proxied-To == 127.0.0.1
               User-Name = `%{User-Name}`,
               Fall-Through = yes

DEFAULT         Realm == org.tld, Auth-Type := LDAP, Ldap-UserDN := `PrincipalName=%{User-Name},ou=employees,dc=org,dc=tld`, Freeradius-Proxied-To == 127.0.0.1




-- Best regards, Rok Papez.

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
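
Added example, not part of the original message and not FreeRADIUS code: a Python check that an MD5-hashed value returned from LDAP really matches a known cleartext password, which helps separate a bad hash from a users file problem. It assumes the value carries an OpenLDAP-style `{MD5}` or `{SMD5}` header (base64, or hex for `{MD5}`); the function names and sample values are constructed for illustration.

```python
import base64
import hashlib
import hmac

# Constructed sample values for the password "secret" (not taken from the thread).
SAMPLE_B64 = "{MD5}Xr4ilOzQ4PCOq3aQ0qbuaQ=="
SAMPLE_HEX = "{MD5}5ebe2294ecd0e0f08eab7690d2a6ee69"


def split_scheme(stored: str) -> tuple[str, str]:
    """Split '{SCHEME}data' into ('SCHEME', 'data'); reject values with no header."""
    stored = stored.strip()
    if not stored.startswith("{") or "}" not in stored:
        raise ValueError("no {SCHEME} header: value may be cleartext or a bare hash")
    scheme, data = stored[1:].split("}", 1)
    return scheme.upper(), data


def decode_digest(scheme: str, data: str) -> tuple[bytes, bytes]:
    """Return (digest, salt). Assumes base64, or 32 hex characters for {MD5}."""
    if scheme == "MD5" and len(data) == 32:
        raw = bytes.fromhex(data)              # hex-encoded digest
    elif scheme in ("MD5", "SMD5"):
        raw = base64.b64decode(data, validate=True)
    else:
        raise ValueError(f"unsupported scheme {scheme!r}")
    if scheme == "MD5" and len(raw) != 16:
        raise ValueError("MD5 digest must be 16 bytes")
    if scheme == "SMD5" and len(raw) <= 16:
        raise ValueError("SMD5 value has no salt after the digest")
    return raw[:16], raw[16:]                  # salt is empty for {MD5}


def check_password(stored: str, cleartext: str) -> bool:
    """True if the cleartext password hashes to the stored LDAP value."""
    digest, salt = decode_digest(*split_scheme(stored))
    candidate = hashlib.md5(cleartext.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)


if __name__ == "__main__":
    for value in (SAMPLE_B64, SAMPLE_HEX):
        print(value, check_password(value, "secret"), check_password(value, "wrong"))
```
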