Hi Phil,
Thanks for the response.
> rlm_ldap: Adding userPassword as User-Password, value { & op=21
The line above looks wrong, but it never ends up being a problem because...
> rlm_ldap: looking for reply items in directory...
> rlm_ldap: user joey authorized to use remote access
> rlm_ldap: ldap_release_conn: Release Id: 0
...during authenticate...
> rlm_ldap: - authenticate
> rlm_ldap: login attempt by "joey" with password "xxxxxxxx"
> rlm_ldap: user DN: uid=joey,ou=People, dc=example,dc=net
> rlm_ldap: (re)connect to ldap.example.net:389, authentication 1
> rlm_ldap: bind as uid=joey,ou=People, dc=example,dc=net/xxxxxxxx to
> ldap.example.net:389
> rlm_ldap: waiting for bind result ...
> rlm_ldap: Bind was successful
> rlm_ldap: user joey authenticated succesfully
...auth-type == LDAP and an LDAP simple bind is done to answer the PAP
request from radtest. This ONLY works with PAP because an LDAP simple
bind needs the plaintext password.
> Login OK: [joey/xxxxxxx] (from client el-oso port 0)
> Sending Access-Accept of id 116 to 172.33.100.18:32811
>
> So that tells me that I've got the communication to my LDAP server
> properly configured.
>
> However when my PPTP server sends authentication requests to my radius
> server, I always get "Login incorrect: [joey/<no User-Password
> attribute>]"
Since it's a PPTP server you are almost certainly going to be using
MS-CHAP, which requires either:
1. The NT password hash to be in LDAP and readable by FreeRadius
2. The plaintext password to be in LDAP and readable
3. Samba, domain membership, winbind and the ntlm_auth plugin option
for the mschap module