On Feb 2, 2016, at 3:45 PM, Will W. <will@damagesinc.net> wrote:
it is the radiusd -X out of the radtast here are the fail and success
This ends up not being complicated. Reading the debug output helps.
Success ... rlm_ldap (ldap) - Bind successful (1) ldap (updated) (1) pap - Converted: Password-With-Header -> Crypt-Password
That's clear.
Fail ... (0) ldap - User object found at DN "uid=user,ou=Users,dc=myhost,dc=com" (0) ldap - Processing user attributes (0) ldap - WARNING: No "known good" password added. Set 'identity' to the dn of an account that has permission to read the user's password attribute
If only the server produced useful error messages. This isn't rocket science. For the "success" case, the user has a password in LDAP. For the "fail" case, the user doesn't have a password in LDAP. Or, the user doesn't have permission to read the password. Have you tried checking the user entries in LDAP? Alan DeKok.