Joe Raviele <[EMAIL PROTECTED]> wrote: > I think I have tried every possible setting to get this thing to work, > so as requested here are my conf files and logs when I tried different > settings. I apologize for the long post (its is actually 2, since the > first got bounced), but I am hoping someone had this problem and will > catch something that is an easy fix.
The log shows the TLS session being established, and the server sending an Access-Accept inside of the tunnel. > The next log I set users to: > DEFAULT Huntgroup-Name == 1X, Autz-Type := Wireless_Staff > > and it fails with ERROR: Unknown value specified for Auth-Type The tunnel is established, and the inner session tries to use LDAP for authentication, but you didn't list "ldap" in the "authenticate" section. The LDAP module sets "Auth-Type = LDAP" if it sees a PAP password in the request. I'm not sure this is the right thing to do. You can over-ride this by forcibly setting "Auth-Type := PAP" in the "users" file, for the tunneled session. e.g. #--- DEFAULT FreeRADIUS-Proxided-To == 127.0.0.1, Auth-Type := PAP #-- The reason the first authentication session works is that for some reason the LDAP module is never called. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html