> The problem is that PAM is never used. This seems to be an artifact of
> the fact that rlm_ldap is supposed to fetch a "known good" password, but
> I don't have passwords in the LDAP database. rlm_ldap is indeed
> successful in authorizing, but there is no Auth-Type set to handle the
> authentication.
>
> If I for example force Auth-Type to PAM in the users file (not good, I
> know), TTLS-negotiation is never run.

Don't set it in users file. Set it using unlang in authorize section of inner-tunnel virtual server.

Ivan Kalik
Kalik Informatika ISP
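
A sketch of the advice above, added here as an illustration and not taken from the original thread: the inner-tunnel virtual server sets Auth-Type with unlang once rlm_ldap has found the user, so the outer server still runs the TTLS negotiation. It assumes the module instances carry the stock names `ldap` and `pam` and that the inner method is PAP, since PAM needs the cleartext User-Password.

```conf
# Added example, not from the original thread.
# File (assumed location): raddb/sites-available/inner-tunnel
server inner-tunnel {
    authorize {
        # Look the user up in LDAP (authorization only; the directory
        # holds no "known good" password in this setup).
        ldap

        # Assumption: only hand the request to PAM when rlm_ldap
        # actually found the user (module return code ok or updated).
        if (ok || updated) {
            update control {
                Auth-Type := PAM
            }
        }
    }

    authenticate {
        # Runs only for requests whose control list has Auth-Type = PAM.
        Auth-Type PAM {
            pam
        }
    }
}
```

Because the assignment lives in the inner-tunnel server, the outer request keeps its EAP handling and the tunnel is established before PAM sees the password.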