Hi Alan, I've taken out the LDAP section in users - so it's exactly the same as the default users file. ldap is now listed after mschap in authorize {}. Trying again, I get the following: rlm_ldap: user joey authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 Login incorrect: [joey/<no User-Password attribute>] (from client vpn-external port 0 cli 165.236.229.162) Sending Access-Reject of id 113 to x.x.x.x:32792 MS-CHAP-Error = "pE=691 R=1" Any other sugggestions? Thanks! On 2/6/06, Alan DeKok <aland@ox.org> wrote:
Joey McDonald <jmcdice@gmail.com> wrote:
I'm now storing my password(s) in the ldap directory in plain text. Using radtest from another machine on the network authenticates from the LDAP server just fine.
Don't set Auth-Type.
In users I added:
DEFAULT Auth-Type := LDAP Fall-Through = 1
Delete that. You don't need it.
List "ldap" in "authorize", AFTER "mschap".
Alan DeKok.