problem configuring freeradius with ldap user database

Alan DeKok aland at
Sat Jun 14 09:22:30 CEST 2008

Sambuddho Chakravarty wrote:
>  I am experiencing a problem while trying to authenticate the
> username/password in LDAP through a freeradius server. While a regular
> telnet/ssh to the edge running a openLdap client / PAM module works fine
> (It is able to authenticate) but the problem arises when trying to
> authenticate using the freeradius server . 
> This is what the log message looks like :
> User-Name = "try"
>         User-Password = "trialanderror"
>         NAS-IP-Address =
> rlm_ldap: performing search in ou=People,dc=example,dc=com, with filter
> (uid=try)
> rlm_ldap: Added password {crypt}$1$2Pl0Lm5O$ot8mrXYBaAg12RoBogNDK. in
> check items

  If you do NOTHING more than configure "ldap" in the default
configuration, this should work.

>   modcall[authorize]: module "ldap" returns ok for request 0
> modcall: group authorize returns ok for request 0

  You're not using 2.0, and you've edited the default configuration.  DO
use a recent version.  DON'T edit the configuration to re-arrange the
modules in the "authorize" section.

> Here you can see that the authorization of a user 'try' having password
> 'trialanderror' works fine but authentication fails. The host running
> the freeradius server is Fedora Core 5 running linux 2.6.25.

  The OS doesn't matter.  The version of FreeRADIUS does.

  It seems you're using 1.1.x.  You should at LEAST upgrade to 1.1.7.
Then, un-comment the references to LDAP, and configure the LDAP module.
 The test WILL work.

  Alan DeKok.

More information about the Freeradius-Users mailing list