Daniel Gomes wrote:
Well, as I mentioned (a couple of times now), the LDAP server was indeed returning a password to FreeRADIUS, since radtest was always working fine.
No, it wasn't returning a password to FreeRADIUS. Go *read* the debug output. It will prove this. When using PAP, the LDAP module looks for a password. If it doesn't get one, it then tries to do "bind as user". That is, it hands the username && password to the LDAP server, and asks "are these OK"? When this happens, you're making your LDAP server do user authentication. This is wrong. LDAP is a database. RADIUS is an authentication server.
So the problem wasn't in the LDAP server itself, because it does "return a password when an LDAP client queries it for a password" (as I also mentioned it, we are currently and successfully using it to authenticate other services).\
Using PAP passwords.
The problem was really related to MS-CHAP, and now that I changed to PAP, it all seems to be working fine...
Yes. For the reasons outlined above. Your situation *isn't* the first time someone has had this issue. We're familiar with the problem && solution, where you are clearly not. Alan DeKok.