I guess where I am confused is that it works when I don't have write access to sambantpassword in OpenLDAP but fails as soon as I grant that in an ACL.


On Wed, Aug 20, 2014 at 9:10 AM, Alan DeKok <aland@deployingradius.com> wrote:
Andrew Niemantsverdriet wrote:
> Anybody have any ideas on this? I'm stuck.

  Read the debug output.  It's simple.

[ldap] looking for check items in directory...
[ldap] looking for reply items in directory...
WARNING: No "known good" password was found in LDAP.  Are you sure that
the user is configured correctly?

  So... that's the problem.

  Don't blame FreeRADIUS if OpenLDAP isn't returning a password for the
user.

  And when it works:

ldap]   expand: dc=localdomain -> dc=localdomain
  [ldap] ldap_get_conn: Checking Id: 0
  [ldap] ldap_get_conn: Got Id: 0
  [ldap] performing search in dc=localdomain, with filter (uid=stewart.shoe)
[ldap] checking if remote access for stewart.shoe is allowed by uid
[ldap] looking for check items in directory...
  [ldap] sambantpassword -> NT-Password ==
0x4434324535354546393031414334453743383444463546434432304135324235
[ldap] looking for reply items in directory...

  See?  Pretty simple.

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html



--
 _
/-\ ndrew Niemantsverdriet
Linux System Administrator
Academic Computing
(406) 238-7360
Rocky Mountain College
1511 Poly Dr.
Billings MT, 59102