Hi, We have a freeradius server sending auth requests to a ldap server. We sniffed traffic between them and found search request messages from ldap protocol asking for an user called root, but the client request authentication for another user, an existing one. This request for user root isnt logical since root is not a valid user in our ldap db. Ethereal output (request packet from radius server to ldap server): Filter:(&(objectclass=User)(sAMAccountName=root)) FreeRadius is using PAM to auth against ldap with rlm_pam module. PAM is completely configured and we're able to use its features with other tools, such as login. Freeradius output: rad_recv: Access-Request packet from host 10.2.1.76:32784, id=106, length=215 User-Name = "aelias@intranet.ufba.br" Digest-Attributes = 0x0a0861656c696173 Digest-Attributes = 0x0112696e7472616e65742e756662612e6272 Digest-Attributes = 0x022a34373032353266383139316339313161353365313735363334656362333434336638363931303665 Digest-Attributes = 0x04167369703a696e7472616e65742e756662612e6272 Digest-Attributes = 0x030a5245474953544552 Digest-Response = "598d24b186f652a28feced8e51f92880" Service-Type = IAPP-Register X-Ascend-PW-Lifetime = 0x61656c696173 NAS-IP-Address = 10.2.1.76 NAS-Port = 5060 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 3 modcall[authorize]: module "preprocess" returns ok for request 3 modcall[authorize]: module "chap" returns noop for request 3 modcall[authorize]: module "mschap" returns noop for request 3 rlm_realm: Looking up realm "intranet.ufba.br" for User-Name = "aelias@intranet.ufba.br" rlm_realm: No such realm "intranet.ufba.br" modcall[authorize]: module "suffix" returns noop for request 3 rlm_eap: No EAP-Message, not doing EAP modcall[authorize]: module "eap" returns noop for request 3 users: Matched entry DEFAULT at line 168 modcall[authorize]: module "files" returns ok for request 3 modcall: group authorize returns ok for request 3 rad_check_password: Found Auth-Type Pam auth: type "PAM" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 3 rlm_pam: Attribute "User-Password" is required for authentication. modcall[authenticate]: module "pam" returns invalid for request 3 modcall: group authenticate returns invalid for request 3 auth: Failed to validate the user. Login incorrect: [aelias@intranet.ufba.br/<no User-Password attribute>] (from client private-network-2 port 5060) Delaying request 3 for 1 seconds Finished request 3 Going to the next request --- Walking the entire request list --- Sending Access-Reject of id 105 to 10.2.1.76:32783 Sorry my poor English. :-) Thanks. Abra sua conta no Yahoo! Mail, o único sem limite de espaço para armazenamento!