Freeipa and Freeradius integration
a.cudbardb at freeradius.org
Fri Apr 10 18:15:12 CEST 2015
> On 10 Apr 2015, at 10:08, KL Forwarder <kl.forwarder at gmail.com> wrote:
> On Fri, Apr 10, 2015 at 3:27 PM, Arran Cudbard-Bell
> <a.cudbardb at freeradius.org> wrote:
>>> (0) WARNING: ldap : No "reference" password added. Ensure the admin
>>> user has permission to read the password attribute
>>> (0) WARNING: ldap : PAP authentication will *NOT* work with Active
>>> Directory (if that is what you were trying to configure)
>> It's almost like this had happened before :)
> I saw that indeed ;).
> I now added the admin user in the ldap config file now. It was
> complaining before (wrong dn), but it is starting now. I assume that
> the user I set is correct then ("identity =
> "uid=admin,cn=users,cn=accounts,dc=companyname,dc=local"), with the
> admin password.
> Problem is I still get:
> (0) WARNING: ldap : No "reference" password added. Ensure the admin
> user has permission to read the password attribute
> (0) WARNING: ldap : PAP authentication will *NOT* work with Active
> Directory (if that is what you were trying to configure)
> How can I test if the password is correct? And are there references I
> can use (maybe a good general "Freeradius-ldap" guide?). Thanks so
You need to check if ldapsearch returns the userPassword attribute when bound with the credentials you configured for FR.
The server is warning you that you had a mapping between an LDAP attribute, and a RADIUS attribute it knows is used to store the users password, but that the mapping was skipped because the LDAP server didn't return a value for that attribute.
Arran Cudbard-Bell <a.cudbardb at freeradius.org>
FreeRADIUS development team
FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 872 bytes
Desc: Message signed with OpenPGP using GPGMail
More information about the Freeradius-Users