NOT WORKING:
Ready to process requests. rad_recv: Access-Request packet from host 10.0.90.32:2017, id=62, length=46 User-Name = "testme" User-Password = "123456" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 modcall[authorize]: module "preprocess" returns ok for request 0 users: Matched entry testme at line 142 modcall[authorize]: module "files" returns ok for request 0 modcall[authorize]: module "mschap" returns noop for request 0 rlm_ldap: - authorize rlm_ldap: performing user authorization for testme radius_xlat: '(sAMAccountname=testme)' radius_xlat: 'dc=consolidated,dc=com' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: attempting LDAP reconnection rlm_ldap: (re)connect to 10.0.60.177:389, authentication 0 rlm_ldap: bind as cn=someuser,cn=Users,dc=ourcompany,dc=com/secret to 10.0.xx.xxx:389 rlm_ldap: waiting for bind result ... rlm_ldap: LDAP login failed: check identity, password settings in ldap section of radiusd.conf
Looks like you don't have the LDAP information setup correctly. FreeRADIUS can't login to LDAP with the settings (un)specified.
rlm_ldap: (re)connection attempt failed rlm_ldap: search failed rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns fail for request 0 modcall: leaving group authorize (returns fail) for request 0
LDAP returns fail, which is weighted heavier than the both the "noop" returned by mschap and the "ok" returned by files. Because LDAP returns "fail," the entire request returns "fail." You can specify different weighted settings for noop, fail, etc, but the obvious answer is to fix your LDAP settings and then try again. Once you can login to the LDAP, if the user does not exist in there then LDAP should return "noop" for the request. If you want a user to exist in both the LDAP and the users file with different passwords, that requires a bit of tweaking but I've got it working if you need to see how sometime. Hope this helps! Andrew