On Sep 25, 2019, at 11:13 AM, Sébastien Genesta <genesta.sebastien@gmail.com> wrote:
So I come back to you because I'm encountering an issue with LDAP authentication on Strongswan.
below my /etc/freeradius/3.0/sites-enabled/default
Please don't post configuration pieces to the list. It's not necessary. ALL of the documentation says "don't post configuration files to the list".
When I try to connect from Strongswan following debug message is returned: ... (1) ldap: WARNING: You have set "Auth-Type := LDAP" somewhere (1) ldap: WARNING: ********************************************* (1) ldap: WARNING: * THAT CONFIGURATION IS WRONG. DELETE IT. (1) ldap: WARNING: * YOU ARE PREVENTING THE SERVER FROM WORKING (1) ldap: WARNING: ********************************************* (1) ldap: ERROR: Attribute "User-Password" is required for authentication
That seems pretty clear. You edited the default configuration and broke it. Don't do that.
According to "WARNING: You have set "Auth-Type := LDAP" somewhere", i've tried to remove it but radtest fails (ERROR: No Auth-Type found: rejecting the user via Post-Auth-Type = Reject)
Because you *also* removed "eap" from the "authorize" section. Your first step when installing the server should NOT be to butcher the configuration files. The default configuration works. All of the documentation says BE CAREFUL WITH EDITING THE FILES. It really can't be any clearer. Go back to using the default configuration. Then, follow the documentation for configuring LDAP. It *will* work. Alan DeKok.