"uid=user,cn=users,cn=compat,dc=companyname,dc=local" (0) ldap : Processing user attributes (0) WARNING: ldap : No "reference" password added. Ensure the admin user has permission to read the password attribute (0) WARNING: ldap : PAP authentication will *NOT* work with Active Directory (if that is what you were trying to configure) rlm_ldap (ldap): Released connection (4) rlm_ldap (ldap): Closing connection (0): Too many free connections (5 > 3) (0) [ldap] = ok (0) [expiration] = noop (0) [logintime] = noop (0) WARNING: pap : No "known good" password found for the user. Not setting Auth-Type. (0) WARNING: pap : Authentication will fail unless a "known good" password is available. (0) [pap] = noop (0) } # authorize = ok (0) ERROR: No Auth-Type found: rejecting the user via Post-Auth-Type = Reject ===============================================================
Can FreeRadius handle this type of userPassword (since it seems to be hashed)?
Yes, though you should map it to control:Password-With-Header, and run the pap module after the ldap module. At this point it's probably time to break out wireshark and look at the requests/responses you'll probably find that the LDAP server still isn't sending back a value for that attribute. Arran Cudbard-Bell <a.cudbardb@freeradius.org> FreeRADIUS development team FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2