bastardinho69 wrote: > I have successfully set up FreeRADIUS server to use Active Directory to > authenticate LAN users. > My authorize{} and authenticate{} section configuration in radiusd.conf > file looks like this:
If you're using AD for authentication, those sections do *not* look like that. > authorize { > preprocess > eap > mschap > } > authenticate { > Auth-Type MS-CHAP { > mschap > } > eap > } > > As u see, in both sections there is modules eap and mschap mentioned. > Can anybody tell me why it is so? Because the server has multiple stages of processing a request. See doc/aaa.txt. > Or where to look for the answer? I > have been checking the logs from running radius in debug mode but i > cannot find the definite answer, for example, in conversation between > radius server and supplicant, mschap in authorize section always returns > noop, so my question is- why it is needed there if it always returns noop? It's not needed in the "authorize" section if you're only doing EAP. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html