Hi,
I tried the suggestion and it didn't work, here are the involved
radiusd.conf sections.
You will also notice mschap and similars, that's because we also have
dialup users who need an ldap lookup for their belonging to a dialup
group and the password. I also need to check if chap still works with
this configuration...
instantiate {
exec
ldap
files
expr
}
authorize {
preprocess
auth_log
chap
mschap
suffix
eap
files
pap
}
authenticate {
Auth-Type PAP {
pap
}
Auth-Type CHAP {
chap
}
Auth-Type MS-CHAP {
mschap
}
eap
}
And this is the users file line:
[EMAIL PROTECTED] Cleartext-Password := "a", Ldap-Group == "wifi"
I also used this one:
[EMAIL PROTECTED] Ldap-Group == "wifi"
with EAP-TLS.
No way. Both first perform a user-existence check in the ldap_groupcmp() call.
Meaning these both work if user exists in the LDAP tree.
In the meanwhile I'm looking at the source code for this call... it
sounds like this search is hardcoded somewhere. Forgive my suckage.
T_T
Bye,
Inverse
On 7/26/07, inverse <[EMAIL PROTECTED]> wrote:
> > >
> > > users file line:
> > > [EMAIL PROTECTED] Auth-Type := EAP, User-Password == "a", Ldap-Group ==
> > > "wifi"
> >
> > Totally wrong. You want:
> >
> > [EMAIL PROTECTED] Cleartext-Password := "a", Ldap-Group == "wifi"
> >
>
> Thanks, I owe you one
>
>
> Bye,
> Inverse.
>
--
"In a sea of glass shards, I hear you screaming"
--icchan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
