On 10/26/2010 03:59 AM, midnightsteel wrote:
> Has anyone gotten Freeradius 2.x and LDAP (OpenLDAP, FDS, etc...) to properly
> authenticate users?
> I get the following in my radius log
> Auth: Login incorrect: [wii/<via Auth-Type = EAP>] (from client access port
> 0 via TLS tunnel)
> Auth: Login incorrect: [wii/<via Auth-Type = EAP>] (from client access port
> 14 cli 78e400881f19)
> This is driving me crazy. I can authenticate users from the radius server to
> ldap but not from the access point to radius to ldap
> If anyone has gotten it to work please post the example config files that
> you used. I'm open to answer any questions that you may have about my
> configs.
> Access point using WPA2-Enterprise>> Freeradius 2.x>> 389-DS(Fedora LDAP)
Yes, people have used LDAP to authenticate 802.1x.
Run the server in debug mode (I should get a keyboard macro to type
this) and look at the output:
radiusd -X | tee logfile
...as you make an authentication attempt. Chances are if you read that
debug output (as suggested in the README) you'll see the problem. If not
post the full debug output here.
In brief:
1. Your ldap server needs to contain the password hash(es) appropriate
for your method of authentication(s) - or better yet the plaintext - and
the freeradius binddn must be able to see them
2. The attribute names should match ldap.attrmap, or you should update it
You said "FreeRadius 2.x". That's a bit vague. What is the actual version?
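Added example (not part of the original thread and not FreeRADIUS code): a check for point 1 of the reply, reporting which authentication methods can verify the credentials found in an LDAP entry as returned to the FreeRADIUS bind DN. The attribute names userPassword and sambaNTPassword and the sample entries are assumptions, constructed for illustration; adjust them to your schema and ldap.attrmap.

```python
import re

ONE_WAY = {"md5", "smd5", "sha", "ssha", "crypt"}
# Stored credential forms each method can verify. One-way hashes only work
# when the server receives the cleartext password (PAP-style methods).
USABLE = {
    "PAP":           {"cleartext", "nt"} | ONE_WAY,
    "EAP-TTLS/PAP":  {"cleartext", "nt"} | ONE_WAY,
    "CHAP":          {"cleartext"},
    "EAP-MD5":       {"cleartext"},
    "MS-CHAPv2":     {"cleartext", "nt"},
    "PEAP/MSCHAPv2": {"cleartext", "nt"},
}
SCHEME = re.compile(r"^\{([A-Za-z0-9-]+)\}")

def stored_forms(entry):
    """Credential forms present in an entry (dict: attribute -> list of values)."""
    attrs = {name.lower(): values for name, values in entry.items()}
    forms = set()
    for value in attrs.get("userpassword", []):
        match = SCHEME.match(value)
        scheme = match.group(1).lower() if match else "cleartext"
        forms.add("cleartext" if scheme in ("clear", "cleartext") else scheme)
    # Assumed attribute name for the NT hash (32 hex digits).
    for value in attrs.get("sambantpassword", []):
        if re.fullmatch(r"[0-9A-Fa-f]{32}", value):
            forms.add("nt")
    return forms

def workable_methods(entry):
    """Methods that can succeed with what the bind DN is able to read."""
    forms = stored_forms(entry)
    return sorted(m for m, accepted in USABLE.items() if forms & accepted)

# Constructed sample entries, as seen by a search bound as the FreeRADIUS DN.
SSHA_ONLY = {"uid": ["wii"], "userPassword": ["{SSHA}Y29uc3RydWN0ZWQtc2FtcGxl"]}
WITH_NT = dict(SSHA_ONLY, sambaNTPassword=["0123456789ABCDEF0123456789ABCDEF"])
HIDDEN = {"uid": ["wii"]}  # password attribute not readable by the bind DN

if __name__ == "__main__":
    for label, entry in (("ssha", SSHA_ONLY), ("nt", WITH_NT), ("hidden", HIDDEN)):
        print(label, workable_methods(entry))
```

An empty result means the bind DN sees no usable credential at all, which is the second half of point 1.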