[prev in list] [next in list] [prev in thread] [next in thread]
List: freeradius-users
Subject: RE: Freeradius 2.1.5 and LDAP+EAP-TLS problem.
From: "Ville Leinonen" <ville.leinonen () solodel ! com>
Date: 2009-03-30 11:48:45
Message-ID: 91F49F3E5EA08844ADDAC75AE1E0EAFE2A88 () solodel-dc01 ! Solodel ! local
[Download RAW message or body]
Hi,
Never mind i figure out my problem. I add this line in my configuration:
ldap {
notfound = reject
}
So if user is not in my ldap. Then its rejected.
Br,
Ville
-----Original Message-----
From: freeradius-users-bounces+ville.leinonen=solodel.com@lists.freeradius.org on \
behalf of Ville Leinonen
Sent: Mon 30/03/2009 14:36
To: freeradius-users@lists.freeradius.org
Subject: Re: Freeradius 2.1.5 and LDAP+EAP-TLS problem.
Hi,
Maybe im not started this post clearly. So i try open again what i want to do.
I have a computer certificates.
I also have openldap and that ldap includes my computer accounts.
Now I want to use those certificates to authenticate
computers and get authorization information inside my ldap. If
computers dont have account in my ldap it's rejected.
But if i put only ldap in my authorization section radius gives:
"No authenticate method (Auth-Type) configuration found for the
request: Rejecting the user"
If i put also eap in authorization section, the radius uses eap
for authorization and give access-accept. Even if user not found
in ldap.
Br,
Ville
> Here is some other logs if i use only ldap for authorize section:
>
> You have butchered the configuration and now you are wondering why it's
> not working? If you don't know what you are doing - don't do it. If
> you feel the urge to disable something (disbling unused modules is
> hardly going to make any impact on preformance) get things working first
> - than remove things you feel you must one by one. If you remove
> something vital you will know what it was and will be able to put it
> back.
> Use default configuration. Configure *only* ldap module. Don't make
> *any* changes to virtual servers (authorize, authenticate etc.). And it
> will work.
> Ivan Kalik
> Kalik Informatika ISP
["winmail.dat" (application/ms-tnef)]
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic