<div dir="ltr">Hi, I am trying to authenticate users against Active Directory using LDAP. I can perform the initial bind using an LDAP bind account. I can then successfully find the Distinguished Name in Active Directory given a domain user's username. I would now like to re-bind using that Distinguished Name in order to authenticate the password they supplied as described in point 4 here: <br>
<br><div><a href="http://thecarlhall.wordpress.com/2011/01/04/ldap-authentication-authorization-dissected-and-digested/">http://thecarlhall.wordpress.com/2011/01/04/ldap-authentication-authorization-dissected-and-digested/</a><br>
<br></div><div>The problem I am having is my server errors out with 'No Auth-Type found' come authentication time. I added 'set_auth_type = yes' to mods-available/ldap but it seems to have had no effect.<br>
<br>I am very new to this so am still finding my feet - can anyone help?<br><br><br>Subset of output from terminal (redacted some personal info):<br><br>(0) ldap : Performing search in 'ou=Users,dc=example,dc=domain,dc=com' with filter '(uid=example-user)'<br>
(0) ldap : Waiting for search result...<br>(0) ldap : User object found at DN "CN=Name,OU=Users,DC=example,DC=domain,DC=com"<br>rlm_ldap (ldap): Released connection (4)<br>rlm_ldap (ldap): Closing connection (0): Too many free connections (5 > 3)<br>
(0) [ldap] = ok<br>(0) [chap] = noop<br>(0) [mschap] = noop<br>(0) [digest] = noop<br>(0) suffix : No '@' in User-Name = 'example-user', looking up realm NULL<br>(0) suffix : No such realm "NULL"<br>
(0) [suffix] = noop<br>(0) eap : No EAP-Message, not doing EAP<br>(0) [eap] = noop<br>(0) [files] = noop<br>(0) [expiration] = noop<br>(0) [logintime] = noop<br>(0) WARNING: pap : No "known good" password found for the user. Not setting Auth-Type.<br>
(0) WARNING: pap : Authentication will fail unless a "known good" password is available.<br>(0) [pap] = noop<br>(0) } # authorize = ok<br>(0) ERROR: No Auth-Type found: rejecting the user via Post Auth-Type = Reject<br>
(0) Failed to authenticate the user.<br>(0) Using Post-Auth-Type Reject<br><br>Many thanks<br></div></div>
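The following is an added example, not part of the original post and not FreeRADIUS code: a small Python triage of the debug output quoted above, showing how to read per-request module return codes and tell a failed LDAP search apart from the case where the search succeeded but no module set Auth-Type. The function names and dictionary keys are assumptions of this example; the sample is a subset of the lines from the post.

```python
import re

# Subset of the debug lines copied from the post above (already redacted by the poster).
SAMPLE = '''\
(0) ldap : User object found at DN "CN=Name,OU=Users,DC=example,DC=domain,DC=com"
rlm_ldap (ldap): Released connection (4)
(0) [ldap] = ok
(0) [chap] = noop
(0) WARNING: pap : No "known good" password found for the user. Not setting Auth-Type.
(0) [pap] = noop
(0) } # authorize = ok
(0) ERROR: No Auth-Type found: rejecting the user via Post Auth-Type = Reject
'''

REQ = re.compile(r'^\((\d+)\)\s+(.*)$')                   # "(0) <rest of line>"
MODULE_RC = re.compile(r'^\[([\w.-]+)\]\s*=\s*(\w+)$')    # "[ldap] = ok"
SECTION_RC = re.compile(r'^\}\s*#\s*(\w+)\s*=\s*(\w+)$')  # "} # authorize = ok"
DN_FOUND = re.compile(r'^ldap\s*: User object found at DN "([^"]+)"')

def parse(log_text):
    """Group debug lines by request number and extract the facts needed for triage."""
    requests = {}
    for raw in log_text.splitlines():
        m = REQ.match(raw.strip())
        if not m:
            continue  # e.g. 'rlm_ldap (ldap): ...' lines carry no request number
        req = requests.setdefault(int(m.group(1)), {
            "modules": [], "sections": {}, "dn": None,
            "pap_no_password": False, "no_auth_type": False})
        body = m.group(2)
        if (hit := MODULE_RC.match(body)):
            req["modules"].append((hit.group(1), hit.group(2)))
        elif (hit := SECTION_RC.match(body)):
            req["sections"][hit.group(1)] = hit.group(2)
        elif (hit := DN_FOUND.match(body)):
            req["dn"] = hit.group(1)
        elif 'No "known good" password found' in body:
            req["pap_no_password"] = True
        elif body.startswith("ERROR: No Auth-Type found"):
            req["no_auth_type"] = True
    return requests

def diagnose(req):
    """Return a one-line finding for one parsed request."""
    if not req["no_auth_type"]:
        return "Auth-Type was set; inspect the authenticate section instead"
    if req["dn"] and "authenticate" not in req["sections"]:
        return ("LDAP search found the user, but no module set Auth-Type, "
                "so authenticate (and the bind as the user DN) never ran")
    return "no module set Auth-Type and no user DN was found"
```

Calling `diagnose(parse(SAMPLE)[0])` on the poster's output reports the first case: the directory lookup worked, and the request was rejected before any password check was attempted.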