Dear Alan,

Finally, I managed to get TTLS with PAP working by just changing the config in radius.conf:

authorize {
        ldap_1x
}

authenticate {
        Auth-Type LDAP {
                ldap_1x
        }
}

However, I do notice that radius only inserts the login record in radpostauth but no record in radacct. If I'm using EAP-MD5 with an L2 switch as NAS, a login record will be there. What makes this happen?

radius_xlat:  'INSERT into radpostauth (id, user, pass, reply, date) values ('', '[EMAIL PROTECTED]', 'Chap-Password', 'Access-Accept', NOW())'

Regards


[EMAIL PROTECTED] wrote:
Hi Alan,

After trying to remove the Auth-Type in users and letting radius auto-detect the method, and also adding another 3 new attributes in the ldif, below is the different message I get. Can you please have a look? Thanks.

modcall[authorize]: module "ldap_1x" returns ok for request 4
modcall: group Autz-Type returns ok for request 4
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 4
rlm_eap: EAP-Message not found
rlm_eap: Malformed EAP Message
  modcall[authenticate]: module "eap" returns fail for request 4
modcall: group authenticate returns fail for request 4
auth: Failed to validate the user.

New ldif :
dn: uid=user, ou=People, dc=ocesb, dc=com, dc=my, dc=.
mailLocalAddress: [EMAIL PROTECTED]
givenName: Tan Chee
accountStatus: active
radiusClass: 0x01
objectClass: inetLocalMailRecipient
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: radiusprofile
objectClass: qmailUser
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
mailRoutingAddress: [EMAIL PROTECTED]
mailQuotaSize: 2000000000
userPassword:: b2NlYm9sZWg=
shadowLastChange: 12745
mailAlternateAddress: [EMAIL PROTECTED]
mailMessageStore: vmail/ocesb.com.my/user/Maildir/
uid: user
mail: [EMAIL PROTECTED]
uidNumber: 5000
radiusGroupName: test
cn: Tan Chee Keong
radiusAuthType: EAP
dialupAccess: Yes
loginShell: /bin/false
gidNumber: 5000
shadowMax: 99999
gecos: Tan Chee Keong
mailHost: mailpj.ocesb.com.my
homeDirectory: /home/vmail/ocesb.com.my/user
sn: Keong

Alan DeKok wrote:
[EMAIL PROTECTED] wrote:
..
  
  rad_check_password:  Found Auth-Type LDAP1
    

  Why did you set that?  It's breaking EAP.

  Read eap.conf.  DO NOT SET AUTH-TYPE.

  This comes up so often on the list, and it's documented in so many
places, that I don't understand why people still run into it.

  Alan DeKok.
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
  


-- 
CK Tan
IT Manager

Optical Communication Engineering S/B
19, Jalan Semangat,
46200 Petaling Jaya, Selangor Darul Ehsan
Tel: +60 3 76808000   EXT:1205
Fax: +60 3 76808010
H/P: +60 12 9033077
email: [EMAIL PROTECTED]
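
A check related to the "DO NOT SET AUTH-TYPE" advice above, as an added example that is not part of the original thread and not FreeRADIUS code: it scans an LDIF export for entries carrying radiusAuthType, assuming (as the "Found Auth-Type EAP" debug line after ldap_1x suggests) that the LDAP attribute map turns that attribute into Auth-Type. The sample LDIF and the function names are constructed for illustration.

```python
import base64

# Constructed sample LDIF (not the poster's data): one entry forces Auth-Type in
# plain text, one is clean, one uses a folded dn and a base64 ("::") value.
SAMPLE_LDIF = """\
dn: uid=alice,ou=People,dc=example,dc=org
radiusAuthType: EAP

dn: uid=bob,ou=People,dc=example,dc=org
radiusGroupName: test

dn: uid=carol,ou=People,dc=example,
 dc=org
radiusAuthType:: TERBUA==
"""

def unfold(text):
    """Join LDIF continuation lines (a leading space continues the previous line)."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def parse_entries(text):
    """Yield each entry as a list of (attribute, value) pairs, decoding '::' values."""
    entry = []
    for line in unfold(text) + [""]:      # trailing "" flushes the last entry
        if not line.strip():
            if entry:
                yield entry
            entry = []
        elif not line.startswith("#"):    # skip LDIF comments
            attr, _, rest = line.partition(":")
            if rest.startswith(":"):      # "attr:: <base64>"
                value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
            else:
                value = rest.strip()
            entry.append((attr.strip().lower(), value))

def forced_auth_types(text, attr="radiusAuthType"):
    """Return (dn, value) for every entry that carries the forcing attribute."""
    findings = []
    for entry in parse_entries(text):
        dn = next((v for a, v in entry if a == "dn"), "<no dn>")
        findings += [(dn, v) for a, v in entry if a == attr.lower()]
    return findings
```

Run forced_auth_types() over an export of the directory; an empty list means no entry is forcing the authentication method through this attribute.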
