Hi Vladimir, I've followed your write-up on FreeRADIUS and LDAP and configured my Windows clients to use TTLS+PAP but I still get the same error as below: rad_recv: Access-Request packet from host 192.168.84.11:2048, id=0, length=125 User-Name = "melvin" NAS-IP-Address = 192.168.84.11 Called-Station-Id = "000f66005feb" Calling-Station-Id = "0012f075e7b3" NAS-Identifier = "000f66005feb" NAS-Port = 33 Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x0201000b016d656c76696e Message-Authenticator = 0x1cbf370b745f6863e6478bfed57edd74 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 modcall[authorize]: module "preprocess" returns ok for request 0 modcall[authorize]: module "chap" returns noop for request 0 modcall[authorize]: module "mschap" returns noop for request 0 rlm_realm: No '@' in User-Name = "melvin", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 0 rlm_eap: EAP packet type response id 1 length 11 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 0 users: Matched entry DEFAULT at line 152 modcall[authorize]: module "files" returns ok for request 0 modcall: group authorize returns updated for request 0 rad_check_password: Found Auth-Type LDAP auth: type "LDAP" Processing the authenticate section of radiusd.conf modcall: entering group Auth-Type for request 0 rlm_ldap: - authenticate rlm_ldap: Attribute "User-Password" is required for authentication. modcall[authenticate]: module "ldap" returns invalid for request 0 modcall: group Auth-Type returns invalid for request 0 auth: Failed to validate the user. Any ideas where I might go wrong? cheers, melvin ----- Original Message ----- From: "Vladimir Vuksan" <vlists@veus.hr> To: "FreeRadius users mailing list" <freeradius-users@lists.freeradius.org> Sent: Tuesday, July 26, 2005 10:33 PM Subject: Re: rlm_ldap: Attribute "User-Password" isrequired forauthentication
melvin wrote:
LDAP does provide some authentication -- through the 'BIND' statement. Incidentally, this is how the FreeRadius rlm_ldap module chooses to authenticate against an LDAP entry... it attempts to 'bind' to it, passing the username and password to LDAP.
I have successfully integrated FreeRadius & LDAP -- I can get you my config entries if you would like. It worked with OpenLDAP practically out-of-the-box.
I have a write-up on FreeRADIUS and LDAP. It should apply to most configurations
http://vuksan.com/linux/dot1x/802-1x-LDAP.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html