Ldap + EAP

Alan DeKok aland at deployingradius.com
Tue Jan 23 16:03:13 CET 2007


Rafał Kamiński wrote:
> because my admin say me that password in ldap schema is set by userPassword

  Your users don't seem to have passwords in LDAP.

> And why debug mode still write:
> 
> 	Auth: Login incorrect: [rka/<no User-Password attribute>] (from 	client
> linksys port 61 cli 0014a41e7112)

  Because the password it's trying to print is the password in the
RADIUS packet/

> Maybe error isn't in ldap connection, maybe in driffrent place :(

  The error is in LDAP.

> Tue Jan 23 12:58:10 2007 : Debug: rlm_ldap: performing search in
> ou=Users,dc=blstream, with filter (uid=rka)
> Tue Jan 23 12:58:10 2007 : Debug: rlm_ldap: checking if remote access
> for rka is allowed by uid
> Tue Jan 23 12:58:10 2007 : Debug: rlm_ldap: looking for check items in
> directory...
> Tue Jan 23 12:58:10 2007 : Debug: rlm_ldap: looking for reply items in
> directory...

  And there is nothing printed out about finding "userPassword".
Therefore, the RADIUS server does not know what the "known good"
password is for the user, and cannot authenticate the user.

  Alan DeKok.
--
  http://deployingradius.com       - The web site of the book
  http://deployingradius.com/blog/ - The blog



More information about the Freeradius-Users mailing list