Josip, thanks for your response.


Add LDAP into the authenticate section, so that it simply tries to re-bind
with the provided credentials? Like this:

       Auth-Type LDAP {
               ldapPerson
       }

I try this configuration too, but it doesn't work for me. Freeradius doesn't set the value to Auth-Type attribute. I thik that this is because the userPassword attribute is only visible to each particular user when binds.

rad_recv: Access-Request packet from host X.X.X.X port 49621, id=130, length=58
    User-Name = "aigallardo@unex.es"
    User-Password = "XXXX"
server test {
# Executing section authorize from file /etc/freeradius/sites-enabled/test
+- entering group authorize {...}
[suffix] Looking up realm "unex.es" for User-Name = "aigallardo@unex.es"
[suffix] Found realm "unex.es"
[suffix] Adding Stripped-User-Name = "aigallardo"
[suffix] Adding Realm = "unex.es"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[files] users: Matched entry DEFAULT at line 33
++[files] returns ok
[ldapPerson] performing user authorization for aigallardo
[ldapPerson]     expand: %{Stripped-User-Name} -> aigallardo
[ldapPerson]     expand: (uid=%{%{Stripped-User-Name}:-%{User-Name}}) -> (uid=aigallardo)
[ldapPerson]     expand: ou=people,dc=unex,dc=es -> ou=people,dc=unex,dc=es
  [ldapPerson] ldap_get_conn: Checking Id: 0
  [ldapPerson] ldap_get_conn: Got Id: 0
  [ldapPerson] attempting LDAP reconnection
  [ldapPerson] (re)connect to ldap.unex.es:389, authentication 0
  [ldapPerson] bind as / to ldap.unex.es:389
  [ldapPerson] waiting for bind result ...
  [ldapPerson] Bind was successful
  [ldapPerson] performing search in ou=people,dc=unex,dc=es, with filter (uid=aigallardo)
[ldapPerson] No default NMAS login sequence
[ldapPerson] looking for check items in directory...
[ldapPerson] looking for reply items in directory...
  [ldapPerson] gecos -> Nombre-Completo = "Ana-Isabel Gallardo Gomez,Dpto. Tecno. Computadores y Comuni.,,"
WARNING: No "known good" password was found in LDAP.  Are you sure that the user is configured correctly?
[ldapPerson] user aigallardo authorized to use remote access
  [ldapPerson] ldap_release_conn: Release Id: 0
++[ldapPerson] returns ok
++[expiration] returns noop
[pap] WARNING! No "known good" password found for the user.  Authentication may fail because of this.
++[pap] returns noop
ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user
Failed to authenticate the user.
} # server test
 

Thank you very much and sorry for my english.



++ Ana Gallardo Gómez ++