Many thanks for the reply. 2017-09-01 15:45 GMT+02:00 Alan DeKok <aland@deployingradius.com>:
On Sep 1, 2017, at 9:22 AM, Andrea Passuello < andrea.passuello@widegroup.eu> wrote:
With the previous FR version (2.2.5) everything work fine and I was able to authenticate my LDAP'users.
Now I am trying to replicate my configuration but I receive this error:
ERROR: No Auth-Type found: rejecting the user via Post-Auth-Type = Reject
It helps to read ALL of the debug output.
... (0) ldap: EXPAND (uid=%{%{Stripped-User-Name}:-%{User-Name}}) (0) ldap: --> (uid=MYUSER) (0) ldap: Performing search in "dc=MYCOMPANY,dc=MYDOMAIN" with filter "(uid=MYUSER)", scope "sub" (0) ldap: Waiting for search result... (0) ldap: User object found at DN "uid=MYUSER,ou=people,dc= MYCOMPANY,dc=MYDOMAIN" (0) ldap: Processing user attributes (0) ldap: WARNING: No "known good" password added. Ensure the admin user has permission to read the password attribute
That message should be clear.
Now I have this warning (0) ldap: WARNING: No "known good" password added. Ensure the admin user has permission to read the password attribute but, with the previous version, I had a similar warning and everything worked fine. WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly?
(0) ldap: WARNING: PAP authentication will *NOT* work with Active Directory (if that is what you were trying to configure)
That message should also be clear.
So are you using Active Directory?
No I am not using Active Directory....I don't understand why that message appears....
If so, follow the guide here:
http://deployingradius.com/documents/configuration/active_directory.html
Alan DeKok.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/ list/users.html
Thanks Alan. Andrea -- Avvertenze ai sensi del D.Lgs.196 del 30/06/2003 Le informazioni contenute in questo messaggio di posta elettronica e/o files allegati, sono da considerarsi strettamente riservati. Il loro utilizzo è consentito esclusivamente al destinatario del messaggio, per le finalità indicate nello stesso. Costituisce violazione ai principi dettati dal D.Lgs. 196/2003: trattenere il messaggio stesso oltre il tempo necessario, divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo od utilizzarlo per finalità diverse. In ogni momento potrà richiederci la sospensione dell'impiego dei suoi dati, ad esclusione delle comunicazioni effettuate in esecuzione di obblighi di legge. Qualora avesse ricevuto questo messaggio senza esserne il destinatario La preghiamo cortesemente di darcene notizia via e-mail e di procedere alla distruzione del messaggio stesso dal Suo sistema. Se desidera presentare un reclamo, può trovare informazioni e supporto sul nostro sito www.widegroup.eu/reclami o può scrivere a reclami@widegroup.eu. Grazie. -- This message is confidential. It may also be privileged or otherwise protected by work, product, immunity or other legal rules. If you have received it by mistake, please let us know by e-mail reply and delete it from your system; you may not copy this message or disclose its contents to anyone. The integrity and security of this message cannot be guaranteed on the Internet. If you want to submit a formal complaint, you can find information and support on our website www.widegroup.eu/reclami or writing to reclami@widegroup.eu. Thank you.