Hello, I know that my problem is so simple that I should be ashamed to ask help, but I have to say that I can't find a good way to do what I want to do.
With the previous release of freeradius 1.1.7, I could do the following things: - people with a correct outer identity and inner identity (login/password) could be authorized and authenticate on a LDAP server, using an EAP-TTLS tunnel, obtained a WPA key. - with the same radius server, I could authenticate people with EAP-PEAP and mschapv2 on a sql database. It was nice, but I had a small problem: accounting was done using the outer identity. Since I was using the ldap to do the authorization, people who put an other valid identity didn't be correctly accounted. Then, I decided to use freeradius 2.0.1. And then I don't see how to obtain a basic configuration that is doing my first point. I always finished by : rlm_eap_ttls: Session established. Proceeding to decode tunneled attributes. auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user If I put an Auth-Type := LDAP, it seems better in the first time, but it is worst: rad_check_password: Found Auth-Type LDAP auth: type "LDAP" +- entering group LDAP rlm_ldap: - authenticate rlm_ldap: Attribute "User-Password" is required for authentication. You seem to have set "Auth-Type := LDAP" somewhere. THAT CONFIGURATION IS WRONG. DELETE IT. YOU ARE PREVENTING THE SERVER FROM WORKING PROPERLY. ++[ldap] returns invalid auth: Failed to validate the user. At this point, I don't understand what freeradius want. I don't know how to say : authorize on waht you want, I don't care, and authenticate on my LDAP server. Is it a good configuration sample I can find anywhere ? Regards, -- Thierry CHICH - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html