On Aug 18, 2008, at 10:41 AM, Alan DeKok wrote:
In the LDAP module? That configuration is deprecated, and isn't even documented in 2.0.5.
Ok, I've removed that configuration bit.
What is the output of debugging mode?
rlm_ldap: attempting LDAP reconnection rlm_ldap: (re)connect to ldap:389, authentication 0 rlm_ldap: bind as uid=CRYPTOCARD,dc=somedomain,dc=com/somepassword to ldap:389 rlm_ldap: waiting for bind result ... rlm_ldap: Bind was successful rlm_ldap: performing search in dc=somedomain,dc=com, with filter (uid=test) rlm_ldap: Added User-Password = {SSHA}aZj99e5gRcpUEv26zXq7VvTa2apMdKBY44sVyg== in check items rlm_ldap: No default NMAS login sequence rlm_ldap: looking for check items in directory... rlm_ldap: looking for reply items in directory... rlm_ldap: user test authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 ++++[people] returns ok +++- elsif (group-Ldap-Group == "cn=mgmtro,ou=groups,dc=somedomain,dc=com") returns ok +++ ... skipping elsif for request 0: Preceding "if" was taken ++- elsif (group-Ldap-Group == "cn=nocryptocard,ou=groups,dc=somedomain,dc=com") returns ok ++ ... skipping else for request 0: Preceding "if" was taken !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!! Replacing User-Password in config items with Cleartext- Password. !!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!! Please update your configuration so that the "known good" !!! !!! clear text password is in Cleartext-Password, and not in User- Password. !!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! auth: type Local auth: user supplied User-Password does NOT match local User-Password auth: Failed to validate the user. Hopefully this helps. --phil