LDAP bind user authentication

jopo jopo jopo9217 at gmail.com
Sun Oct 12 17:47:50 CEST 2014


Hello there,

I spent countless hours on this topic. The farthest I could get was
this topic from 2008:
http://www.mail-archive.com/freeradius-users@lists.freeradius.org/msg49999.html

FreeRADIUS version: 2.1.12 on Debian
Basically followed this guide:
http://jitendrakumaryogi.blogspot.de/2013/10/step-by-step-free-radius-configuration.html
so LDAP is configured in the authorize section in the default server and as
authorize and authentication in inner-tunnel.

I would like to use EAP-TTLS-PAP. The aim is to authorize via LDAP by
binding anonymously and just looking up the uid, start an EAP-TTLS
tunnel, tunnel the request to the inner-tunnel server and there use
the clear password sent by the supplicant in the following tunneled
request to bind with the credentials against the LDAP server.
If the bind is successful the auth should be considered successful.

It works _if_ I provide a manager login to the LDAP server so the ldap
module can find the user and add a good password, **but if I delete
those credentials it fails.**

The whole process reaches the point where the authorize section in
inner-tunnel is executed. It says:
.....
[ldap] user pete authorized to use remote access
  [ldap] ldap_release_conn: Release Id: 0
++[ldap] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
ERROR: No authenticate method (Auth-Type) found for the request:
Rejecting the user
Failed to authenticate the user.
[ttls] Got tunneled reply code 3
[ttls] Got tunneled Access-Reject
[eap] Handler failed in EAP/ttls
[eap] Failed in EAP select
++[eap] returns invalid
Failed to authenticate the user.
......


So why is that? I set the set_auth_type in module/ldap to yes since
what's described there is exactly the behaviour I'd like. Why does it say
that no authenticate method is set? What can I do so that LDAP does
the authentication at this point?


Thanks in advance. I hope I delivered all the information needed.
JoVaRi
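
The flow described in the message (anonymous search for the uid, then a bind with the tunneled PAP password inside inner-tunnel), written out as a FreeRADIUS 2.x configuration sketch. This is an added example, not part of the original post and not the poster's configuration; the server name and basedn are placeholder assumptions, and the file paths follow the stock 2.x layout.

```conf
# modules/ldap -- placeholder values, constructed for this example
ldap {
    server = "ldap.example.org"
    # identity/password left unset: the user search runs over an
    # anonymous bind instead of a manager account.
    # identity = "cn=manager,dc=example,dc=org"
    # password = "..."
    basedn = "ou=people,dc=example,dc=org"
    filter = "(uid=%{%{Stripped-User-Name}:-%{User-Name}})"
    set_auth_type = yes
}

# sites-available/inner-tunnel
authorize {
    ldap
    # The tunneled PAP request carries User-Password in clear text.
    # Select bind authentication explicitly once the user was found,
    # so the choice does not depend on set_auth_type alone.
    if ((ok || updated) && User-Password) {
        update control {
            Auth-Type := LDAP
        }
    }
}

authenticate {
    # Auth-Type LDAP runs the ldap module's authenticate step:
    # a bind as the user's DN with the supplied password.
    Auth-Type LDAP {
        ldap
    }
}
```

With bind authentication the user's clear-text password travels from the RADIUS server to the LDAP server, so that connection needs TLS. The "No authenticate method (Auth-Type) found" line in the log above is what the server prints when no Auth-Type has been set in control by the end of authorize.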

