Josip, thanks for your response. Add LDAP into the authenticate section, so that it simply tries to re-bind
with the provided credentials? Like this:
Auth-Type LDAP { ldapPerson }
I try this configuration too, but it doesn't work for me. Freeradius doesn't set the value to Auth-Type attribute. I thik that this is because the userPassword attribute is only visible to each particular user when binds. rad_recv: Access-Request packet from host X.X.X.X port 49621, id=130, length=58 User-Name = "aigallardo@unex.es" User-Password = "XXXX" server test { # Executing section authorize from file /etc/freeradius/sites-enabled/test +- entering group authorize {...} [suffix] Looking up realm "unex.es" for User-Name = "aigallardo@unex.es" [suffix] Found realm "unex.es" [suffix] Adding Stripped-User-Name = "aigallardo" [suffix] Adding Realm = "unex.es" [suffix] Authentication realm is LOCAL. ++[suffix] returns ok [files] users: Matched entry DEFAULT at line 33 ++[files] returns ok [ldapPerson] performing user authorization for aigallardo [ldapPerson] expand: %{Stripped-User-Name} -> aigallardo [ldapPerson] expand: (uid=%{%{Stripped-User-Name}:-%{User-Name}}) -> (uid=aigallardo) [ldapPerson] expand: ou=people,dc=unex,dc=es -> ou=people,dc=unex,dc=es [ldapPerson] ldap_get_conn: Checking Id: 0 [ldapPerson] ldap_get_conn: Got Id: 0 [ldapPerson] attempting LDAP reconnection [ldapPerson] (re)connect to ldap.unex.es:389, authentication 0 [ldapPerson] bind as / to ldap.unex.es:389 [ldapPerson] waiting for bind result ... [ldapPerson] Bind was successful [ldapPerson] performing search in ou=people,dc=unex,dc=es, with filter (uid=aigallardo) [ldapPerson] No default NMAS login sequence [ldapPerson] looking for check items in directory... [ldapPerson] looking for reply items in directory... [ldapPerson] gecos -> Nombre-Completo = "Ana-Isabel Gallardo Gomez,Dpto. Tecno. Computadores y Comuni.,," WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly? [ldapPerson] user aigallardo authorized to use remote access [ldapPerson] ldap_release_conn: Release Id: 0 ++[ldapPerson] returns ok ++[expiration] returns noop [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this. ++[pap] returns noop ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user Failed to authenticate the user. } # server test Thank you very much and sorry for my english. ++ Ana Gallardo Gómez ++