Dear Alan,
Finally, I managed to get TTLS with PAP to work by just changing the config
in radius.conf:
authorize {
    ldap_1x
}
authenticate {
    Auth-Type LDAP {
        ldap_1x
    }
}
However, I do notice radius only inserts the login record in radpostauth
but no record in radacct. If I'm using EAP-MD5 with an L2 switch as NAS, a
login record will be there. What makes this happen?
radius_xlat: 'INSERT into radpostauth (id, user, pass, reply, date)
values ('', '[EMAIL PROTECTED]', 'Chap-Password', 'Access-Accept',
NOW())'
Regards
[EMAIL PROTECTED] wrote:
Hi Alan,
After trying to remove the Auth-Type in users and letting radius auto-detect
the method, and also adding another 3 new attributes in the ldif, below is the
different message I get. Can you please have a look? Thanks.
modcall[authorize]: module "ldap_1x" returns ok for request 4
modcall: group Autz-Type returns ok for request 4
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 4
rlm_eap: EAP-Message not found
rlm_eap: Malformed EAP Message
modcall[authenticate]: module "eap" returns fail for request 4
modcall: group authenticate returns fail for request 4
auth: Failed to validate the user.
New ldif:
dn: uid=user, ou=People, dc=ocesb, dc=com, dc=my, dc=.
mailLocalAddress: [EMAIL PROTECTED]
givenName: Tan Chee
accountStatus: active
radiusClass: 0x01
objectClass: inetLocalMailRecipient
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: radiusprofile
objectClass: qmailUser
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
mailRoutingAddress: [EMAIL PROTECTED]
mailQuotaSize: 2000000000
userPassword:: b2NlYm9sZWg=
shadowLastChange: 12745
mailAlternateAddress: [EMAIL PROTECTED]
mailMessageStore: vmail/ocesb.com.my/user/Maildir/
uid: user
mail: [EMAIL PROTECTED]
uidNumber: 5000
radiusGroupName: test
cn: Tan Chee Keong
radiusAuthType: EAP
dialupAccess: Yes
loginShell: /bin/false
gidNumber: 5000
shadowMax: 99999
gecos: Tan Chee Keong
mailHost: mailpj.ocesb.com.my
homeDirectory: /home/vmail/ocesb.com.my/user
sn: Keong
Alan DeKok wrote:
[EMAIL PROTECTED] wrote:
..
rad_check_password: Found Auth-Type LDAP1
Why did you set that? It's breaking EAP.
Read eap.conf. DO NOT SET AUTH-TYPE.
This comes up so often on the list, and it's documented in so many
places, that I don't understand why people still run into it.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
--
CK Tan
IT Manager
Optical Communication Engineering S/B
19, Jalan Semangat,
46200 Petaling Jaya, Selangor Darul Ehsan
Tel: +60 3 76808000 EXT:1205
Fax: +60 3 76808010
H/P: +60 12 9033077
email: [EMAIL PROTECTED]
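Added example, not part of the original thread and not FreeRADIUS code: a small Python check that scans radiusd debug output for the symptom quoted above, a request handed to Auth-Type EAP that carries no EAP-Message. The sample log is constructed in the style of the quoted output, the function names are hypothetical, and it assumes single-threaded debug output in which a line without a request number belongs to the most recently named request.

```python
import re

# Constructed sample in the style of the debug output quoted in the thread.
SAMPLE_DEBUG = """\
modcall[authorize]: module "ldap_1x" returns ok for request 4
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
modcall: entering group authenticate for request 4
rlm_eap: EAP-Message not found
rlm_eap: Malformed EAP Message
modcall[authenticate]: module "eap" returns fail for request 4
auth: Failed to validate the user.
modcall[authorize]: module "ldap_1x" returns ok for request 5
rad_check_password: Found Auth-Type LDAP
modcall[authenticate]: module "ldap_1x" returns ok for request 5
"""

REQ_RE = re.compile(r"for request (\d+)")
AUTH_TYPE_RE = re.compile(r"rad_check_password:\s+Found Auth-Type (\S+)")
NO_EAP_MSG = "rlm_eap: EAP-Message not found"
AUTH_FAILED = "Failed to validate the user"


def summarise_requests(debug_text):
    """Map request id -> selected Auth-Type, missing-EAP flag, failure flag."""
    requests, current = {}, None
    for raw in debug_text.splitlines():
        line = raw.strip()
        m = REQ_RE.search(line)
        if m:
            current = int(m.group(1))  # later unnumbered lines attach here
        if current is None:
            continue
        info = requests.setdefault(
            current,
            {"auth_type": None, "eap_message_missing": False, "failed": False},
        )
        m = AUTH_TYPE_RE.search(line)
        if m:
            info["auth_type"] = m.group(1)
        if NO_EAP_MSG in line:
            info["eap_message_missing"] = True
        if AUTH_FAILED in line:
            info["failed"] = True
    return requests


def find_auth_type_conflicts(debug_text):
    """Return (request id, Auth-Type) pairs where rlm_eap ran without an EAP-Message."""
    return [(rid, info["auth_type"])
            for rid, info in sorted(summarise_requests(debug_text).items())
            if info["eap_message_missing"] and info["auth_type"] is not None]
```

A hit means an Auth-Type was selected for a request that carried no EAP data; the users file and the LDAP profile are the places the thread shows it being set.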