ldap authentication works on v1.1.4 but fails on 2.1.3

Alan DeKok aland at deployingradius.com
Mon Mar 16 13:57:17 CET 2009


Leese, MJ (Mark) wrote:
> 1. Uncomment "set_auth_type = yes" in raddb/modules/ldap. This was
> already done but I think it's the default anyway :-) 

  Then it should work.

> 2. List "pap" as the last module in the "authorize" section. Sorry, I
> should have said that I'd also tried this. Here is the debug trace with
> the pap module listed last...
...
> 	Mon Mar 16 10:28:26 2009 : Debug: WARNING: No "known good"
> password was found in LDAP.  Are you sure that the user is configured
> correctly?

  And the server doesn't find a password.

> The Access-Request contains a User-Name and plaintext User-Password. My
> LDAP server is Active Directory

  <sigh>  You should have said that at the start.  Active Directory
isn't an LDAP server.  Not really...

> so I don't think it returns anything in
> the userPassword attribute, so I guess this is why PAP also fails to
> find a "known good" password?

  Yes.

> Is there anything else I can try?

  Force Auth-Type := LDAP.

...
>> 	Sun Mar 15 17:59:38 2009 : Info: No authenticate method 
>> (Auth-Type) configuration found for the request: Rejecting the user
>> 	Sun Mar 15 17:59:38 2009 : Info: Failed to authenticate 
>> the user.

  So force Auth-Type := LDAP.  This will make it do "bind as user".

  Alan DeKok.
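
What forcing the Auth-Type can look like in a FreeRADIUS 2.x virtual server, as an added example that is not part of the original message. The file location, the module instance name `ldap`, and the `User-Password` guard are assumptions made for illustration.

```conf
# raddb/sites-enabled/default  (assumed location; FreeRADIUS 2.x unlang syntax)

authorize {
	preprocess

	# Search the directory for the user's entry. The user's own
	# password is not checked at this stage.
	ldap

	# Active Directory does not return userPassword, so pap never gets a
	# "known good" password and no Auth-Type is selected. Force it here.
	# The guard is an addition in this example: bind-as-user needs the
	# plaintext User-Password, so LDAP is forced only when it is present.
	if (User-Password) {
		update control {
			Auth-Type := LDAP
		}
	}
}

authenticate {
	# Runs when control:Auth-Type is LDAP: the ldap module binds to the
	# directory as the user's DN with the supplied User-Password.
	Auth-Type LDAP {
		ldap
	}
}
```

Requests that carry CHAP or MS-CHAP attributes have no plaintext password to bind with, so the guard leaves them alone. Because the bind sends the user's password to the directory, the `tls` settings in raddb/modules/ldap decide whether it crosses the network in the clear.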


