Hello Alan, I acknowledge that I should have said “am I reading this properly?” or something else that was obviously a question. What I wrote *does* come off as aggressive, though that was absolutely not the intent. Apologies for any rudeness. You were, not surprisingly, correct; the problem was with ldap. Once we got ldap doing what it was supposed to, it worked. The freeradius config was fine all along. As noobs often do, I was overthinking it and in consequence, missing the real culprit. Thank you for your help. /mh Sent from my iPhone
On Mar 21, 2023, at 13:59, Alan DeKok <aland@deployingradius.com> wrote:
On Mar 20, 2023, at 4:35 PM, Matt H <meh1963@gmail.com> wrote:
Thank you. FWIW, quoting the page was more me was trying to figure it out; it wasn't intended to offend.
I'm just wondering why it's necessary to quote a page I wrote back to me. The quote wasn't asking a question, it was pretty much saying "but the page says it should work!". Which is more argumentative than asking for help.
Your comments made me realize that freeradius is (to all intents and purposes) working properly, and that the problem lies with the ldap host.
That's also what the debug output said: no password was returned from LDAP.
While the debug output looks complex and overwhelming, you can ignore 99% of it most of the time. In most cases, look for "error" or "warning".
If password authentication doesn't work, look for "password" in the debug output. If you're using LDAP, look for the word "ldap".
For the debug output you posted, it didn't even include "ldap". Which means it wasn't even talking to the LDAP server.
The process here is very very simple:
* is FreeRADIUS connecting to LDAP?
* is the LDAP module returning a password?
Those questions are answered by reading the debug output.
Alan DeKok.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html