rlm_ldap: Attribute "User-Password" is required for authentication. HELP Please

Jacob Jarick mem.namefix at gmail.com
Mon Apr 23 14:05:52 CEST 2007 

Thanks again Alan,
For reference the oriellys LDAP book instructs you to set "Auth-Type
:= LDAP" so thats where I got the bad reference (perhaps other people
to).

Now lets see if I understood the tables correctly.

PAP is the only method that will support LDAP bind as user ?

I should comment out
"
        Auth-Type LDAP {
                ldap
        }
"

And as always some follow up questions:

When Using PAP -> LDAP will I still have to map userPassword to User-Password ?

Will there be extra configuration required on free radius to make use
of pap -> ADS ldap or will it work automatically because ldap is
configured in the modules {} section.

Wont using PAP mean plain text password from client -> cisco wap ->
radius -> ADS server ?

On 4/23/07, Alan DeKok <aland at deployingradius.com> wrote:
> Jacob Jarick wrote:
> > My problem is the ldap password retrieved from the windows client is
> > not being sent to the ldap server.
>
>   The problem is that you have configured "Auth-Type := LDAP", and then
> sent the server an 802.1x authentication request. Do NOT set Auth-Type =
> LDAP.  This is repeated all over the place in the configuration files,
> the documentation, and on this list.
>
>   In fact, just delete "ldap" from the "authenticate" section.  If you
> can get PAP working with that setup, then 802.1x && EAP should work, too.
>
>   Make sure that FreeRADIUS is retrieving the password from LDAP.  If
> you have FreeRADIUS doing "bind as user" to LDAP, then it is NOT
> retrieving the password from LDAP.
>
>   See: http://deployingradius.com/documents/protocols/
>
>   And the two other web pages linked to from that page.
>
> > The weird thing is It was working fine friday.
>
>   Because you were doing PAP authentication.
>
>   I'm half inclined to remove "ldap bind as user" from the server
> entirely.  It confuses too many people, and causes too many problems.
>
>   Alan DeKok.
> --
>   http://deployingradius.com       - The web site of the book
>   http://deployingradius.com/blog/ - The blog
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>

More information about the Freeradius-Users mailing list