Hi, We have upgraded our freeradius1.6 to 2.0 We are using active directory for LDAP server. We have not changed any data in AD. But when we upgrade and try to connect using valid user id..user is getting rejected. Please let me know if there any issues I need to take before ugprading to 2.0 Iam using same bind DN and other strings in 2.0. rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: attempting LDAP reconnection rlm_ldap: (re)connect to 157.235.205.31:389, authentication 0 rlm_ldap: bind as cn=Administrator,cn=Users,dc=Crossfire,dc=symbol,dc=com/windows2003 to 157.235.205.31:389 rlm_ldap: waiting for bind result ... rlm_ldap: Bind was successful rlm_ldap: performing search in cn=Users,dc=Crossfire,dc=symbol,dc=com, with filter (sAMAccountName=satish) rlm_ldap: ldap_release_conn: Release Id: 0 expand: (|(&(objectClass=group)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn}))) -> (|(&(objectClass=group)(member=))(&(objectClass=GroupOfUniqueNames)(uniquemember=))) rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 ******************************************************* rlm_ldap: performing search in cn=Users,dc=Crossfire,dc=symbol,dc=com, with filter (&(cn=sales)(|(&(objectClass=group)(member=))(&(objectClass=GroupOfUniqueNames)(uniquemember=)))) rlm_ldap: object not found or got ambiguous search result ******************************************************************************* rlm_ldap: ldap_release_conn: Release Id: 0 rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in CN=satish,CN=Users,DC=Crossfire,DC=symbol,DC=com, with filter (objectclass=*) rlm_ldap::ldap_groupcmp: ldap_get_values() failed rlm_ldap: ldap_release_conn: Release Id: 0 rlm_ldap: Entering ldap_groupcmp() expand: cn=Users,dc=Crossfire,dc=symbol,dc=com -> cn=Users,dc=Crossfire,dc=symbol,dc=com expand: (|(&(objectClass=group)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn}))) -> (|(&(objectClass=group)(member=))(&(objectClass=GroupOfUniqueNames)(uniquemember=))) rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in cn=Users,dc=Crossfire,dc=symbol,dc=com, with filter (&(cn=sales)(|(&(objectClass=group)(member=))(&(objectClass=GroupOfUniqueNames)(uniquemember=)))) rlm_ldap: object not found or got ambiguous search result rlm_ldap: ldap_release_conn: Release Id: 0 rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in CN=satish,CN=Users,DC=Crossfire,DC=symbol,DC=com, with filter (objectclass=*) rlm_ldap::ldap_groupcmp: ldap_get_values() failed rlm_ldap: ldap_release_conn: Release Id: 0 users: Matched entry DEFAULT at line 26 ++[files] returns ok ++- entering policy redundant rlm_ldap: - authorize rlm_ldap: performing user authorization for satish expand: (sAMAccountName=%{User-Name}) -> (sAMAccountName=satish) expand: cn=Users,dc=Crossfire,dc=symbol,dc=com -> cn=Users,dc=Crossfire,dc=symbol,dc=com rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in cn=Users,dc=Crossfire,dc=symbol,dc=com, with filter (sAMAccountName=satish) rlm_ldap: looking for check items in directory... rlm_ldap: looking for reply items in directory... ****************************** WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly? *************************************** rlm_ldap: user satish authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 +++[ldap_secondary] returns ok ++- policy redundant returns ok rlm_eap: EAP packet type response id 1 length 11 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated rlm_pap: Found existing Auth-Type, not changing it. ++[pap] returns noop rad_check_password: Found Auth-Type Reject rad_check_password: Auth-Type = Reject, rejecting user auth: Failed to validate the user. Login incorrect: [satish/<via Auth-Type = Reject>] (from client private-network-1 port 1 cli 00-16-CF-50-6C-8C) Thanks gnr