Thierry CHICH wrote:
> With the previous release of freeradius 1.1.7, I could do the following
> things:
> - people with a correct outer identity and inner identity (login/password)
> could be authorized and authenticated on an LDAP server, using an EAP-TTLS
> tunnel, and obtained a WPA key.
> - with the same radius server, I could authenticate people with EAP-PEAP and
> mschapv2 on a sql database.

2.0.1 can do this, too.

1) configure certificates
2) set up test user as in the FAQ
3) validate that the test user works for EAP-TTLS && PEAP.

Then:

4) configure SQL
5) validate that "radtest" works for users in SQL
6) validate that EAP-TTLS && PEAP work for users in SQL.

> It was nice, but I had a small problem: accounting was done using the outer
> identity. Since I was using the ldap to do the authorization, people who put
> another valid identity weren't correctly accounted.

In 2.0.1, see raddb/sites-available/inner-tunnel for comments && configuration to fix this. Or, the other reply to your message.

> I always finished with:
> rlm_eap_ttls: Session established. Proceeding to decode tunneled attributes.
> auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user

The most common cause for this is that you massively edited the configuration file without understanding what it was doing. The simple answer is DON'T DO THAT.

> If I put an Auth-Type := LDAP, it seems better at first, but it is
> worse:

Exactly. It breaks EAP-TTLS and PEAP.

> At this point, I don't understand what freeradius wants.
> I don't know how to say: authorize on what you want, I don't care, and
> authenticate on my LDAP server.

Start off with the default radiusd.conf. Configure the ldap module, and un-comment the references to ldap. It WILL work!

> Is there a good configuration sample I can find anywhere?

/etc/raddb/radiusd.conf? Really.

See also "man radiusd" in 2.0.1. It gives detailed instructions for how to convert the default "radiusd.conf" file into something that works, but also has your local configuration.

Alan DeKok.