Hi everyone, I need a little help because I am trying to configure a FreeRadius 3.0.12 + LDAP. With the previous FR version (2.2.5) everything work fine and I was able to authenticate my LDAP'users. Now I am trying to replicate my configuration but I receive this error: ERROR: No Auth-Type found: rejecting the user via Post-Auth-Type = Reject My config files seem to be the same among the different FR versions. This is my debug output: (0) Received Access-Request Id 85 from MYCLIENT:47127 to MYSERVER:1812 length 86 (0) User-Name = "MYUSER" (0) User-Password = "MYPASSWORD" (0) NAS-IP-Address = 127.0.1.1 (0) NAS-Port = 0 (0) Message-Authenticator = 0xa7d43fb7b44c2c15e704324f69e3e0d9 (0) # Executing section authorize from file /etc/freeradius/3.0/sites- enabled/default (0) authorize { (0) policy filter_username { (0) if (&User-Name) { (0) if (&User-Name) -> TRUE (0) if (&User-Name) { (0) if (&User-Name =~ / /) { (0) if (&User-Name =~ / /) -> FALSE (0) if (&User-Name =~ /@[^@]*@/ ) { (0) if (&User-Name =~ /@[^@]*@/ ) -> FALSE (0) if (&User-Name =~ /\.\./ ) { (0) if (&User-Name =~ /\.\./ ) -> FALSE (0) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (0) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE (0) if (&User-Name =~ /\.$/) { (0) if (&User-Name =~ /\.$/) -> FALSE (0) if (&User-Name =~ /@\./) { (0) if (&User-Name =~ /@\./) -> FALSE (0) } # if (&User-Name) = notfound (0) } # policy filter_username = notfound (0) [preprocess] = ok (0) [chap] = noop (0) [mschap] = noop (0) [digest] = noop (0) suffix: Checking for suffix after "@" (0) suffix: No '@' in User-Name = "MYUSER", looking up realm NULL (0) suffix: No such realm "NULL" (0) [suffix] = noop (0) eap: No EAP-Message, not doing EAP (0) [eap] = noop (0) [files] = noop rlm_ldap (ldap): Reserved connection (0) (0) ldap: EXPAND (uid=%{%{Stripped-User-Name}:-%{User-Name}}) (0) ldap: --> (uid=MYUSER) (0) ldap: Performing search in "dc=MYCOMPANY,dc=MYDOMAIN" with filter "(uid=MYUSER)", scope "sub" (0) ldap: Waiting for search result... (0) ldap: User object found at DN "uid=MYUSER,ou=people,dc= MYCOMPANY,dc=MYDOMAIN" (0) ldap: Processing user attributes (0) ldap: WARNING: No "known good" password added. Ensure the admin user has permission to read the password attribute (0) ldap: WARNING: PAP authentication will *NOT* work with Active Directory (if that is what you were trying to configure) rlm_ldap (ldap): Released connection (0) rlm_ldap (ldap): Need 5 more connections to reach 10 spares rlm_ldap (ldap): Opening additional connection (5), 1 of 27 pending slots used rlm_ldap (ldap): Connecting to ldap://localhost:389 rlm_ldap (ldap): Waiting for bind result... rlm_ldap (ldap): Bind successful (0) [ldap] = ok (0) [expiration] = noop (0) [logintime] = noop (0) pap: WARNING: No "known good" password found for the user. Not setting Auth-Type (0) pap: WARNING: Authentication will fail unless a "known good" password is available (0) [pap] = noop (0) } # authorize = ok (0) ERROR: No Auth-Type found: rejecting the user via Post-Auth-Type = Reject (0) Failed to authenticate the user (0) Using Post-Auth-Type Reject (0) # Executing group from file /etc/freeradius/3.0/sites-enabled/default (0) Post-Auth-Type REJECT { (0) attr_filter.access_reject: EXPAND %{User-Name} (0) attr_filter.access_reject: --> MYUSER (0) attr_filter.access_reject: Matched entry DEFAULT at line 11 (0) [attr_filter.access_reject] = updated (0) [eap] = noop (0) policy remove_reply_message_if_eap { (0) if (&reply:EAP-Message && &reply:Reply-Message) { (0) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE (0) else { (0) [noop] = noop (0) } # else = noop (0) } # policy remove_reply_message_if_eap = noop (0) } # Post-Auth-Type REJECT = updated (0) Delaying response for 1.000000 seconds Waking up in 0.3 seconds. Waking up in 0.6 seconds. (0) Sending delayed response (0) Sent Access-Reject Id 85 from MYSERVER:1812 to MYCLIENT:47127 length 20 Waking up in 3.9 seconds. (0) Cleaning up request packet ID 85 with timestamp +2 Ready to process requests What do I wrong or miss? Many thanks in advance for your help. Andrea -- Avvertenze ai sensi del D.Lgs.196 del 30/06/2003 Le informazioni contenute in questo messaggio di posta elettronica e/o files allegati, sono da considerarsi strettamente riservati. Il loro utilizzo è consentito esclusivamente al destinatario del messaggio, per le finalità indicate nello stesso. Costituisce violazione ai principi dettati dal D.Lgs. 196/2003: trattenere il messaggio stesso oltre il tempo necessario, divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo od utilizzarlo per finalità diverse. In ogni momento potrà richiederci la sospensione dell'impiego dei suoi dati, ad esclusione delle comunicazioni effettuate in esecuzione di obblighi di legge. Qualora avesse ricevuto questo messaggio senza esserne il destinatario La preghiamo cortesemente di darcene notizia via e-mail e di procedere alla distruzione del messaggio stesso dal Suo sistema. Se desidera presentare un reclamo, può trovare informazioni e supporto sul nostro sito www.widegroup.eu/reclami o può scrivere a reclami@widegroup.eu. Grazie. -- This message is confidential. It may also be privileged or otherwise protected by work, product, immunity or other legal rules. If you have received it by mistake, please let us know by e-mail reply and delete it from your system; you may not copy this message or disclose its contents to anyone. The integrity and security of this message cannot be guaranteed on the Internet. If you want to submit a formal complaint, you can find information and support on our website www.widegroup.eu/reclami or writing to reclami@widegroup.eu. Thank you.