<div dir="ltr">I guess where I am confused is that it works when I don't have write access to sambantpassword in OpenLDAP but fails as soon as I grant that in an ACL.</div><div class="gmail_extra"><br><br><div class="gmail_quote">
On Wed, Aug 20, 2014 at 9:10 AM, Alan DeKok <span dir="ltr"><<a href="mailto:aland@deployingradius.com" target="_blank">aland@deployingradius.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div class="">Andrew Niemantsverdriet wrote:<br>
> Anybody have any ideas on this? I'm stuck.<br>
<br>
</div> Read the debug output. It's simple.<br>
<br>
[ldap] looking for check items in directory...<br>
[ldap] looking for reply items in directory...<br>
WARNING: No "known good" password was found in LDAP. Are you sure that<br>
the user is configured correctly?<br>
<br>
So... that's the problem.<br>
<br>
Don't blame FreeRADIUS if OpenLDAP isn't returning a password for the<br>
user.<br>
<br>
And when it works:<br>
<br>
ldap] expand: dc=localdomain -> dc=localdomain<br>
[ldap] ldap_get_conn: Checking Id: 0<br>
[ldap] ldap_get_conn: Got Id: 0<br>
[ldap] performing search in dc=localdomain, with filter (uid=stewart.shoe)<br>
[ldap] checking if remote access for stewart.shoe is allowed by uid<br>
[ldap] looking for check items in directory...<br>
[ldap] sambantpassword -> NT-Password ==<br>
0x4434324535354546393031414334453743383444463546434432304135324235<br>
[ldap] looking for reply items in directory...<br>
<br>
See? Pretty simple.<br>
<span class="HOEnZb"><font color="#888888"><br>
Alan DeKok.<br>
-<br>
List info/subscribe/unsubscribe? See <a href="http://www.freeradius.org/list/users.html" target="_blank">http://www.freeradius.org/list/users.html</a><br>
</font></span></blockquote></div><br><br clear="all"><div><br></div>-- <br> _<br>/-\ ndrew Niemantsverdriet<br>Linux System Administrator<br>Academic Computing<br>(406) 238-7360<br>Rocky Mountain College<br>1511 Poly Dr.<br>
Billings MT, 59102<br>
</div>