I guess where I am confused is that it works when I don't have write access to sambantpassword in OpenLDAP but fails as soon as I grant that in an ACL. On Wed, Aug 20, 2014 at 9:10 AM, Alan DeKok <aland@deployingradius.com> wrote:
Andrew Niemantsverdriet wrote:
Anybody have any ideas on this? I'm stuck.
Read the debug output. It's simple.
[ldap] looking for check items in directory... [ldap] looking for reply items in directory... WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly?
So... that's the problem.
Don't blame FreeRADIUS if OpenLDAP isn't returning a password for the user.
And when it works:
ldap] expand: dc=localdomain -> dc=localdomain [ldap] ldap_get_conn: Checking Id: 0 [ldap] ldap_get_conn: Got Id: 0 [ldap] performing search in dc=localdomain, with filter (uid=stewart.shoe) [ldap] checking if remote access for stewart.shoe is allowed by uid [ldap] looking for check items in directory... [ldap] sambantpassword -> NT-Password == 0x4434324535354546393031414334453743383444463546434432304135324235 [ldap] looking for reply items in directory...
See? Pretty simple.
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- _ /-\ ndrew Niemantsverdriet Linux System Administrator Academic Computing (406) 238-7360 Rocky Mountain College 1511 Poly Dr. Billings MT, 59102