Leese, MJ (Mark) wrote:
1. Uncomment "set_auth_type = yes" in raddb/modules/ldap. This was already done but I think it's the default anyway :-)
Then it should work.
2. List "pap" as the last module in the "authorize" section. Sorry, I should have said that I'd also tried this. Here is the debug trace with the pap module listed last... ... Mon Mar 16 10:28:26 2009 : Debug: WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly?
And the server doesn't find a password.
The Access-Request contains a User-Name and plaintext User-Password. My LDAP server is Active Directory
<sigh> You should have said that at the start. Active Directory isn't an LDAP server. Not really...
so I don't think it returns anything in the userPassword attribute, so I guess this is why PAP also fails to find a "known good" password?
Yes.
Is there anything else I can try?
Force Auth-Type := LDAP. ...
Sun Mar 15 17:59:38 2009 : Info: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user Sun Mar 15 17:59:38 2009 : Info: Failed to authenticate the user.
So force Auth-Type := LDAP. This will make it do "bind as user". Alan DeKok.