Morning list, I need some help with my freeradius + LDAP configuration, I'm stuck with a "WARNING: No "known good" password was found in LDAP" message, and I don't know how to continue with the debugging of this problem. First, versions: freeradius-ldap-2.2.6-6.el6_7.x86_64 freeradius-2.2.6-6.el6_7.x86_64 This is the output from "radiusd -X": rad_recv: Access-Request packet from host 10.252.218.2 port 12494, id=176, length=95 User-Name = "test" User-Password = "testpasswd" NAS-IP-Address = 10.252.218.4 NAS-Identifier = "example1" Calling-Station-Id = "10.100.100.10" NAS-Port = 11469 NAS-Port-Type = Virtual Mon Dec 21 08:14:30 2015 : Info: # Executing section authorize from file /etc/raddb/sites-enabled/default Mon Dec 21 08:14:30 2015 : Info: +group authorize { Mon Dec 21 08:14:30 2015 : Info: ++[preprocess] = ok Mon Dec 21 08:14:30 2015 : Info: ++[chap] = noop Mon Dec 21 08:14:30 2015 : Info: ++[mschap] = noop Mon Dec 21 08:14:30 2015 : Info: ++[digest] = noop Mon Dec 21 08:14:30 2015 : Info: [suffix] No '@' in User-Name = "test", looking up realm NULL Mon Dec 21 08:14:30 2015 : Info: [suffix] No such realm "NULL" Mon Dec 21 08:14:30 2015 : Info: ++[suffix] = noop Mon Dec 21 08:14:30 2015 : Info: [eap] No EAP-Message, not doing EAP Mon Dec 21 08:14:30 2015 : Info: ++[eap] = noop Mon Dec 21 08:14:30 2015 : Info: [files] users: Matched entry DEFAULT at line 79 Mon Dec 21 08:14:30 2015 : Info: ++[files] = ok Mon Dec 21 08:14:30 2015 : Info: [ldap] performing user authorization for test Mon Dec 21 08:14:30 2015 : Info: [ldap] expand: %{Stripped-User-Name} -> Mon Dec 21 08:14:30 2015 : Info: [ldap] ... expanding second conditional Mon Dec 21 08:14:30 2015 : Info: [ldap] expand: %{User-Name} -> test Mon Dec 21 08:14:30 2015 : Info: [ldap] expand: (uid=%{%{Stripped-User-Name}:-%{User-Name}}) -> (uid=test) Mon Dec 21 08:14:30 2015 : Info: [ldap] expand: ou=users,cn=secdb,cn=data,ou=ALL,ou=infra,dc=infra,dc=local -> ou=users,cn=secdb,cn=data,ou=ALL,ou=infra,dc=infra,dc=local Mon Dec 21 08:14:30 2015 : Debug: [ldap] ldap_get_conn: Checking Id: 0 Mon Dec 21 08:14:30 2015 : Debug: [ldap] ldap_get_conn: Got Id: 0 Mon Dec 21 08:14:30 2015 : Debug: [ldap] attempting LDAP reconnection Mon Dec 21 08:14:30 2015 : Debug: [ldap] (re)connect to 10.252.25.20:389, authentication 0 Mon Dec 21 08:14:30 2015 : Debug: [ldap] bind as cn=binduser,cn=proxy,ou=clients,ou=nfra,dc=infra,dc=local/password to 10.252.25.20:389 Mon Dec 21 08:14:30 2015 : Debug: [ldap] waiting for bind result ... Mon Dec 21 08:14:30 2015 : Debug: [ldap] Bind was successful Mon Dec 21 08:14:30 2015 : Debug: [ldap] performing search in ou=users,cn=secdb,cn=data,ou=ALL,ou=infra,dc=infra,dc=local with filter (uid=test) Mon Dec 21 08:14:30 2015 : Info: [ldap] looking for check items in directory... Mon Dec 21 08:14:30 2015 : Info: [ldap] looking for reply items in directory... Mon Dec 21 08:14:30 2015 : Debug: WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly? Mon Dec 21 08:14:30 2015 : Debug: [ldap] ldap_release_conn: Release Id: 0 Mon Dec 21 08:14:30 2015 : Info: ++[ldap] = ok Mon Dec 21 08:14:30 2015 : Info: ++[expiration] = noop Mon Dec 21 08:14:30 2015 : Info: ++[logintime] = noop Mon Dec 21 08:14:30 2015 : Info: [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this. Mon Dec 21 08:14:30 2015 : Info: ++[pap] = noop Mon Dec 21 08:14:30 2015 : Info: +} # group authorize = ok Mon Dec 21 08:14:30 2015 : Info: ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user Mon Dec 21 08:14:30 2015 : Info: Failed to authenticate the user. When I run the "search" command from the OS and ldap tools, the output seems to be good (userPassword is {SHA} hashed): # ldapsearch -D "cn=binduser,cn=proxy,ou=clients,ou=nfra,dc=infra,dc=local" -w password -p 389 -h 10.252.25.20 -b "ou=users,cn=secdb,cn=data,ou=ALL,ou=infra,dc=infra,dc=local" "uid=test" dn: uid=test,ou=users,cn=secdb,cn=data,ou=ALL,ou=infra,dc=infra,dc=local maxFailedLogins: 3 passwordMinAlphaChars: 1 objectclass: account objectclass: top objectclass: posixaccount objectclass: shadowaccount passwordMaxRepeatedChars: 1 uid: test uidNumber: 18001 cn: test loginShell: /bin/bash passwordMinLength: 15 shadowMin: 1 gidNumber: 18000 passwordMinOtherChars: 3 shadowMax: 13 gecos: homeDirectory: /home/test passwordHistSize: 12 unsuccessfulLoginCount: 0 passwordFlags: ADMCHG userPassword:: e1NIQX1mVFA2NUFYOURHMXFPZkhsem5tQzg5NElJM3c9 This is my /etc/raddb/modules/ldap file: # grep -v "#" ldap ldap { server = "10.252.25.20" port = 389 identity = "cn=binduser,cn=proxy,ou=clients,ou=nfra,dc=infra,dc=local" password = password basedn = "ou=users,cn=secdb,cn=data,ou=ALL,ou=infra,dc=infra,dc=local" filter = "(uid=%{%{Stripped-User-Name}:-%{User-Name}})" ldap_connections_number = 5 max_uses = 0 timeout = 4 timelimit = 3 net_timeout = 1 tls { start_tls = no } dictionary_mapping = ${confdir}/ldap.attrmap edir_account_policy_check = no keepalive { idle = 60 probes = 3 interval = 3 } } Any ideas? I don't know how to get some more debug from the "ldap" module especifcally to try to solve that "No "known good" password" message. Thanks a lot in advance, Regards, Alex