Hello list, we are using FreeRADIUS to authenticate students wireless access. It's FreeRADIUS Version 2.2.8 running on FreeBSD 9.2-STABLE. Our LDAP server is eDirectory version 8.8 Now, we are upgrading to FreeRADIUS 3.0.15 (installed from ports) running on FreeBSD 11.1-RELEASE. LDAP is always eDirectory 8.8. The bind to LDAP server it's ok, but the user is not authenticate, the error is: Invalid user (eDirectory-ICT: Failed to retrieve eDirectory password: (80) Other (e.g., implementation specific) error): This is the ldap module configuration: # # ICT per test # ldap eDirectory-ICT { server = 'ldaps.unibocconi.it' port = 636 identity = 'cn=yyyyyyyyy,ou=Servers,o=INetServices' password = xxxxxxx base_dn = 'ou=Faculty-Staff,ou=Bocconi,o=INetServices' edir = yes edir_autz = no # # User object identification. # user { base_dn = "${..base_dn}" filter = "(cn=%{%{Stripped-User-Name}:-%{User-Name}})" } # # User membership checking. # group { base_dn = "${..base_dn}" filter = '(objectClass=posixGroup)' membership_attribute = 'memberOf' } # # User profiles. # profile { filter = '(objectclass=radiusprofile)' } # # Bulk load clients from the directory # client { base_dn = "${..base_dn}" filter = '(objectClass=radiusClient)' template { } attribute { ipaddr = 'radiusClientIdentifier' secret = 'radiusClientSecret' } } read_clients = no accounting { reference = "%{tolower:type.%{Acct-Status-Type}}" type { start { update { description := "Online at %S" } } interim-update { update { description := "Last seen at %S" } } stop { update { description := "Offline at %S" } } } } # # Post-Auth can modify LDAP objects too # post-auth { update { description := "Authenticated at %S" } } # # LDAP connection-specific options. # options { chase_referrals = yes rebind = yes res_timeout = 10 srv_timelimit = 3 net_timeout = 1 idle = 60 probes = 3 interval = 3 ldap_debug = 0x0028 } # # This subsection configures the tls related items # that control how FreeRADIUS connects to an LDAP # server. # tls { start_tls = no ca_file = ${certdir}/DigiCertAssuredIDRootCA-TERENA-CA3.crt ca_path = ${certdir} certificate_file = ${certdir}/ldaps.unibocconi.it.crt private_key_file = ${certdir}/ldaps.unibocconi.it.key random_file = /dev/urandom require_cert = 'demand' } # # ldap_connections_number # pool { start = ${thread[pool].start_servers} min = ${thread[pool].min_spare_servers} max = ${thread[pool].max_servers} spare = ${thread[pool].max_spare_servers} uses = 0 retry_delay = 30 lifetime = 0 idle_timeout = 60 } } What's wrong ? Thanks for your help. Ciao Marco -- Marco Pirovano Infrastrutture e Tecnologie Information and Communication Technology Universita' Bocconi via Gobbi, 5 - 20136 Milano Tel. +39 02 5836.3173 Fax. +39 02 5836.3160 Windows makes noise, Linux plays music, but BSD Rocks!