Hi Christophe.
Christophe Saillard wrote:

> For the moment I use Freeradius with EAP-TTLS and it works fine... now I'd like to get users' credentials from an existing LDAP database.
> The LDAP server sends me a valid MD5 hashed password but I think something failed in my users file configuration.

You should run the server in debug mode and check the output. I use this command:

    radiusd -Xxxx 2>&1 | tee logfile

> Does someone have such a working configuration? If so, can you send a copy?
modules {
    ldap {
        server = "localhost"
        basedn = "ou=employees,dc=org,dc=tld"
        filter = "(PrincipalName=%{User-Name})"
        start_tls = no
    }
    [...]

authorize {
    preprocess
    auth_log
    attr_rewrite
    suffix
    group {
        # the files also activates EAP for user anonymous
        files {
            notfound = 1
            ok = return
        }
        ldap
    }
}

authenticate {
    Auth-Type EAP {
        eap
    }
    Auth-Type PAP {
        pap
    }
    Auth-Type LDAP {
        ldap
    }
}

In the users file I have:

########################################################
# User anonymous and [EMAIL PROTECTED] should be allowed #
# activate eap for them                                #
########################################################
anonymous Auth-Type := EAP

########################################################
# Accounting fix for AP                                #
# LDAP authentication for local users                  #
########################################################
DEFAULT Realm == org.tld, Freeradius-Proxied-To == 127.0.0.1
    User-Name = `%{User-Name}`,
    Fall-Through = yes

DEFAULT Realm == org.tld, Auth-Type := LDAP, Ldap-UserDN := `PrincipalName=%{User-Name},ou=employees,dc=org,dc=tld`, Freeradius-Proxied-To == 127.0.0.1
-- 
Best regards,
Rok Papez.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
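
A small triage script for the debug capture suggested in the message above (`radiusd -Xxxx 2>&1 | tee logfile`), added here as an example and not part of the original message: it reports which Auth-Type each request ended up with and which module rejected it. The sample log lines are constructed, and the line patterns are an assumption about the debug format, which differs between FreeRADIUS versions.

```python
import re

# Constructed sample lines (not from the original thread). The wording is an
# assumption about radiusd debug output; adjust the patterns to your version.
SAMPLE_LOG = """\
  modcall[authorize]: module "preprocess" returns ok for request 0
  modcall[authorize]: module "files" returns notfound for request 0
  modcall[authorize]: module "ldap" returns ok for request 0
  rad_check_password:  Found Auth-Type LDAP
auth: type "LDAP"
  modcall[authenticate]: module "ldap" returns reject for request 0
  modcall[authorize]: module "files" returns ok for request 1
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  modcall[authenticate]: module "eap" returns handled for request 1
"""

MODULE_RE = re.compile(
    r'modcall\[(\w+)\]: module "([^"]+)" returns (\w+) for request (\d+)')
AUTHTYPE_RE = re.compile(r'rad_check_password:\s+Found Auth-Type (\S+)')


def summarize(log_text):
    """Map request id -> {'auth_type': str or None, 'modules': [(section, module, rcode)]}."""
    requests, current = {}, None
    for line in log_text.splitlines():
        m = MODULE_RE.search(line)
        if m:
            current = int(m.group(4))
            entry = requests.setdefault(current, {"auth_type": None, "modules": []})
            entry["modules"].append((m.group(1), m.group(2), m.group(3)))
            continue
        m = AUTHTYPE_RE.search(line)
        # Assumption: debug mode handles one request at a time, so the Auth-Type
        # line belongs to the request whose module results were seen last.
        if m and current is not None:
            requests[current]["auth_type"] = m.group(1)
    return requests


def failures(requests):
    """List (request, auth_type, module, rcode) for rejected or failed authentication."""
    return [(rid, info["auth_type"], module, rcode)
            for rid, info in sorted(requests.items())
            for section, module, rcode in info["modules"]
            if section == "authenticate" and rcode in ("reject", "fail")]


if __name__ == "__main__":
    for rid, auth_type, module, rcode in failures(summarize(SAMPLE_LOG)):
        print(f"request {rid}: Auth-Type {auth_type}, {module} returned {rcode}")
```

To use it on a real capture, pass the contents of `logfile` to `summarize()` in place of `SAMPLE_LOG`.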