Thanks for your response Alan, below are the logs I am getting in case of failure, ++++++++++++++++++++ rad_recv: Access-Request packet from host 10.0.30.51 port 52267, id=241, length=174 User-Name = "radtest" NAS-IP-Address = 10.0.30.51 NAS-Identifier = "24a43ce6fc81" NAS-Port = 0 Called-Station-Id = "2E-A4-3C-E7-FC-81:XXXX_Mgmt" Calling-Station-Id = "AC-38-70-99-E4-XX" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 0Mbps 802.11b" EAP-Message = 0x027e000c0172616474657374 Message-Authenticator = 0xc9d515710f90d967171e7bff8e9b4d7d # Executing section authorize from file /etc/raddb/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok [ldap] performing user authorization for radtest [ldap] WARNING: Deprecated conditional expansion ":-". See "man unlang" for detail s [ldap] ... expanding second conditional [ldap] expand: %{User-Name} -> radtest [ldap] expand: (uid=%{Stripped-User-Name:-%{User-Name}}) -> (uid=radtest) [ldap] expand: ou=people,dc=xxxx,dc=local -> ou=people,dc=xxxx,dc=local [ldap] ldap_get_conn: Checking Id: 0 [ldap] ldap_get_conn: Got Id: 0 [ldap] attempting LDAP reconnection [ldap] (re)connect to 127.0.0.1:389, authentication 0 [ldap] bind as / to 127.0.0.1:389 [ldap] waiting for bind result ... [ldap] Bind was successful [ldap] performing search in ou=people,dc=xxxx,dc=local, with filter (uid=radt est) [ldap] checking if remote access for radtest is allowed by uid [ldap] looking for check items in directory... [ldap] looking for reply items in directory... [ldap] radiusTunnelPrivateGroupId -> Tunnel-Private-Group-Id:0 = "10" [ldap] radiusTunnelMediumType -> Tunnel-Medium-Type:0 = 802 [ldap] radiusTunnelType -> Tunnel-Type:0 = VLAN WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly? [ldap] user radtest authorized to use remote access [ldap] ldap_release_conn: Release Id: 0 ++[ldap] returns ok ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user Failed to authenticate the user. Using Post-Auth-Type Reject WARNING: Unknown value specified for Post-Auth-Type. Cannot perform requested ac tion. Delaying reject of request 0 for 1 seconds Going to the next request Waking up in 0.9 seconds. Sending delayed reject for request 0 Sending Access-Reject of id 241 to 10.0.30.51 port 52267 Tunnel-Private-Group-Id:0 = "10" Tunnel-Medium-Type:0 = 802 Tunnel-Type:0 = VLAN Waking up in 4.9 seconds. Cleaning up request 0 ID 241 with timestamp +17 Ready to process requests. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Mapping is done as below #cat /etc/raddb/ldap.attrmap checkItem User-Password userPassword replyItem Tunnel-Type radiusTunnelType replyItem Tunnel-Medium-Type radiusTunnelMediumType replyItem Tunnel-Private-Group-Id radiusTunnelPrivateGroupId Thanks Vishesh Kumar On Thu, May 14, 2015 at 3:14 PM, Alan Buxey <A.L.M.Buxey@lboro.ac.uk> wrote:
'Please let me know if I am doing anything wrong here'
Yes. You're not looking at the debug log for when it's failing from the client. You gave us the basic results from the radtest (which is PAP) . look at the logs for when your client is failing. If you cannot proceed yourself then post those logs to the list for help. Likely that either your ldap isn't supporting the password method or that you haven't used the right ldap/radius attribute maps
alan
-- Regards, Vishesh Kumar http://linuxmantra.com