Sam Schultz wrote: >>> DEFAULT <check_items (ex: Realm == 'your_domain')> >>> Autz-Type := <your_ldap_instance (ex: ldap)>, >>> Auth-Type := <module_instance_for_authentication> >>> > > >> so i did what you recommended, which makes sense to do... i have >> Autz-type := eap, and in debug mode i get this clearly an access- >> > reject > >> follows. >> >> auth: No authenticate method (Auth-Type) configuration found for >> > the > >> request: Rejecting the user >> auth: Failed to validate the user. >> > > First off, eap shouldn't be used this way. The top line of eap.conf > clearly states: > > "Whatever you do, do NOT set 'Auth-Type := EAP'. The server is > smart > enough to figure this out on its own" > > Typical modules that would be used here are things like 'files', > 'ldap', > or 'sql'. There are also special types like 'Local' & 'System', > which > you'd have to use one of if you were using an sql table to store > user > credentials. > > The second thing you have to understand is the difference between > modules & instances. An instance is a specific configuration of a > module. The instance itself has a name that is user-specified. > I suggest you read through the configurable_failover document, which > is usually in /usr/share/doc/freeradius-<version>, it isn't long and > offers pretty good insight into how freeradius' configuration gets > processed. > > Also, if you need to use a seperate back-end for authentication, > maybe you should tell us what you need to use so we can give you > more specific > answers. > > reference the initial thread where i said i was authenticating off of active directories, using eap-peap. which i had previously working just fine. Since i didn't specify an instance name in my eap.conf, it is referenced as 'eap' (which i did read, but was following your advice).
Joe - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html