
List:       freeradius-users
Subject:    RE: Freeradius 2.1.5 and LDAP+EAP-TLS problem.
From:       "Ville Leinonen" <ville.leinonen () solodel ! com>
Date:       2009-03-30 11:48:45
Message-ID: 91F49F3E5EA08844ADDAC75AE1E0EAFE2A88 () solodel-dc01 ! Solodel ! local

Hi,

Never mind, I figured out my problem. I added this line to my configuration:

ldap {
   notfound = reject
}

So if a user is not in my LDAP, then it's rejected.

Br,

Ville


-----Original Message-----
From: freeradius-users-bounces+ville.leinonen=solodel.com@lists.freeradius.org on behalf of Ville Leinonen
Sent: Mon 30/03/2009 14:36
To: freeradius-users@lists.freeradius.org
Subject: Re: Freeradius 2.1.5 and LDAP+EAP-TLS problem.
 
Hi,

Maybe I didn't start this post clearly, so I'll try to explain again what I want to do.

I have computer certificates.
I also have OpenLDAP, and that LDAP includes my computer accounts.

Now I want to use those certificates to authenticate
computers and get authorization information from my LDAP. If a
computer doesn't have an account in my LDAP, it's rejected.

But if I put only ldap in my authorization section, radius gives:

"No authenticate method (Auth-Type) configuration found for the
request: Rejecting the user"

If I also put eap in the authorization section, radius uses eap
for authorization and gives Access-Accept, even if the user is not
found in LDAP.

Br,

Ville


> Here are some other logs if I use only ldap for the authorize section:
> 

> You have butchered the configuration and now you are wondering why it's
> not working? If you don't know what you are doing - don't do it. If
> you feel the urge to disable something (disabling unused modules is
> hardly going to make any impact on performance) get things working first
> - then remove things you feel you must one by one. If you remove
> something vital you will know what it was and will be able to put it
> back.

> Use default configuration. Configure *only* ldap module. Don't make
> *any* changes to virtual servers (authorize, authenticate etc.). And it
> will work.

> Ivan Kalik
> Kalik Informatika ISP



-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
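
Added example, not part of the original thread: where the override from the first message sits in a FreeRADIUS 2.x virtual server, next to the arrangement the earlier message describes. The module order and the surrounding sections are assumptions; the poster's actual file is not shown in the thread.

```conf
# Constructed example for a FreeRADIUS 2.x virtual server
# (not the poster's file; module order is an assumption).

# Before, as described in the thread:
#
#   authorize {
#       ldap
#       eap
#   }
#
# For a machine with no LDAP entry, ldap returns "notfound". In the
# authorize section that return code does not stop processing, so eap
# still runs and sets Auth-Type. The EAP-TLS exchange then succeeds on
# the certificate alone and the server sends Access-Accept.
#
# With only "ldap" listed, nothing sets Auth-Type for an EAP request,
# which is the "No authenticate method (Auth-Type)" rejection quoted
# in the thread.

# After: override the action taken on ldap's "notfound" return code.
authorize {
    ldap {
        # No entry for this User-Name: stop here and reject,
        # before eap gets a chance to set Auth-Type.
        notfound = reject
    }

    # Reached only when ldap found the account.
    eap
}

authenticate {
    # Handles the EAP-TLS exchange once authorize has set Auth-Type.
    eap
}
```

The LDAP lookup is keyed on the User-Name the supplicant sends, so the check_cert_cn option in the tls section of eap.conf is what ties that name to the certificate's CN.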
