Re: EAP-TTLS with tunneled PAP Users files

[Joe Raviele]

EAP is in both the authenticate and authorize sections. I still have
not gotten it to work, today I am trying several different
permutations of the users file.

- Joe


On Thu, 16 Dec 2004 08:44:20 -0500 (EST), Dustin Doris
<[EMAIL PROTECTED]> wrote:
> 
> > I have a radius box set up using 1.0.1. Currently it is doing
> > authentication and working fine. I am trying to integrate in 802.1x
> > auth. I have the EAP-TTLS w/ PAP working fine with a users entry of
> > "username" User-Password == "test", but I am confused how the users
> > and authorize and authenticate sections of the radiusd file should be
> > set to have EAP look at an LDAP entry. I know I have to set the pap
> > module to md5 to work with the LDAP and that I will have a new
> > huntgroup just for the .1x authentication, but I am stumped from
> > there. Below is how my users file and radiusd look now, my question is
> > really how should they look when I intergrate in the .1x
> >
> > Thanks in advance guys, you have helped me out in the past and I would
> > appreciate anything else you could do for me now.
> >
> > - Joe
> >
> >
> > ***radiusd.conf
> > ...
> > authorize {
> >       autztype VPN_LDAP {
> >                 redundant {
> >                                 VPN_LDAP1
> >                                 VPN_LDAP2
> >                           }
> >         }
> >
> >         autztype Dial_LDAP {
> >                 redundant {
> >                                  Dial_LDAP1
> >                                  Dial_LDAP2
> >                           }
> >         }
> > ...
> > authenticate {
> >         authtype VPN_LDAP {
> >                 redundant {
> >                                 VPN_LDAP1
> >                                 VPN_LDAP2
> >                           }
> >         }
> >
> >         authtype Dial_LDAP {
> >                 redundant {
> >                                  Dial_LDAP1
> >                                  Dial_LDAP2
> >                           }
> >         }
> >
> > ***users
> >
> > DEFAULT Autz-Type := VPN_LDAP, Auth-Type := VPN_LDAP, Huntgroup-Name == VPN
> >
> >
> > DEFAULT Autz-Type := Dial_LDAP, Auth-Type := Dial_LDAP, Huntgroup-Name == 
> > DIAL
> >         Service-Type == Framed-User,
> >         Ascend-Assign-IP-Pool = 1,
> >         Framed-IP-Address = 255.255.255.254,
> >         Framed-MTU = 1524,
> >         Service-Type = Framed-User,
> >         Fall-Through = No
> >
> > -
> 
> Do you have eap in your authorize and authenticate sections?
> 
> 
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html