Hello !
You send an Access-Request with User-Name and User-Password (0) Received Access-Request Id 165 from 192.168.0.7:3437 to
192.168.0.215:1812 length 241 (0) User-Name = "106530670342" (0) User-Password = "106530670342" You check the user but there's no password (0) redundant redundant_ldap { rlm_ldap (ldap1): Reserved connection (0) (0) ldap1: EXPAND (cn=%{%{Stripped-User-Name}:-%{User-Name}}) (0) ldap1: --> (cn=106530670342) (0) ldap1: Performing search in "dc=firma,dc=de" with filter "(cn=106530670342)", scope "sub" (0) ldap1: Waiting for search result... (0) ldap1: User object found at DN "cn=NBBZ1807-134,cn=4.notebooks,cn=172.17.0.0,cn=SUBNET,cn=DHCP Config,dc=firma,dc=de" (0) ldap1: Processing user attributes (0) ldap1: WARNING: No "known good" password added. Ensure the admin user has permission to read the password attribute (0) ldap1: WARNING: PAP authentication will *NOT* work with Active Directory (if that is what you were trying to configure)
So Access-Reject is sent
Yes, the Access-request from the switch contains User-Name and User-Password, both attributes contain the mac address without hyphen. If there is a match in LDAP the user is authorized and therefor accepted. The Access-reply should contain the the attributes like VLAN ID. I can see that the user is found in the directory... (0) ldap1: Performing search in "dc=firma,dc=de" with filter "(cn=106530670342)", scope "sub" (0) ldap1: Waiting for search result... (0) ldap1: User object found at DN "cn=NBBZ1807-134,cn=4.notebooks,cn=172.17.0.0,cn=SUBNET,cn=DHCP Config,dc=firma,dc=de" (0) ldap1: Processing user attributes ... (0) } # authorize = ok Am I wrong to say the authorization was successful? In FR2 I had a schema for the freeradius loaded in OpenLDAP. I did not found any related informations for a FR3 schema for OpenLDAP but also tried to use the scheme which I used in FR2 without any other results. Thank you!