Hello, I'm using freeradius 2.1.10 and I want to use ldap like a backend in authorize section to take userPassword attribute (unix crypt) to authenticate the user. My problem is: the ldap server don't have public key that an admin user (who bind) can take. So I have to bind in the authorize section with the user and password (clear text) in the request. Is this posible? What are my posibilities? Here is my actual configuration in my test: LDAP MODULE ldap ldapPerson{ server = "ldap.xxxx" basedn = "ou=people,dc=unex,dc=es" filter = "(uid=%{%{Stripped-User-Name}:-%{User-Name}})" ldap_connections_number = 5 timeout = 4 timelimit = 3 net_timeout = 1 tls { start_tls = no } dictionary_mapping = ${confdir}/ldapPerson.attrmap edir_account_policy_check = no set_auth_type = yes } SERVER server test{ authorize { suffix files ldapPerson expiration pap } authenticate { Auth-Type PAP { pap } } } DEBUG rad_recv: Access-Request packet from host X.X.X.X port 38152, id=201, length=58 User-Name = "aigallardo@unex.es" User-Password = "pass" server test { # Executing section authorize from file /etc/freeradius/sites-enabled/test +- entering group authorize {...} [suffix] Looking up realm "unex.es" for User-Name = "aigallardo@unex.es" [suffix] Found realm "unex.es" [suffix] Adding Stripped-User-Name = "aigallardo" [suffix] Adding Realm = "unex.es" [suffix] Authentication realm is LOCAL. ++[suffix] returns ok [files] users: Matched entry DEFAULT at line 33 ++[files] returns ok [ldapPerson] performing user authorization for aigallardo [ldapPerson] expand: %{Stripped-User-Name} -> aigallardo [ldapPerson] expand: (uid=%{%{Stripped-User-Name}:-%{User-Name}}) -> (uid=aigallardo) [ldapPerson] expand: ou=people,dc=unex,dc=es -> ou=people,dc=unex,dc=es [ldapPerson] ldap_get_conn: Checking Id: 0 [ldapPerson] ldap_get_conn: Got Id: 0 [ldapPerson] attempting LDAP reconnection [ldapPerson] (re)connect to XXXXX :389, authentication 0 [ldapPerson] bind as / to XXXX :389 [ldapPerson] waiting for bind result ... [ldapPerson] Bind was successful [ldapPerson] performing search in ou=people,dc=unex,dc=es, with filter (uid=aigallardo) [ldapPerson] No default NMAS login sequence [ldapPerson] looking for check items in directory... [ldapPerson] looking for reply items in directory... [ldapPerson] gecos -> Nombre-Completo = "Ana-Isabel Gallardo Gomez" WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly? [ldapPerson] user aigallardo authorized to use remote access [ldapPerson] ldap_release_conn: Release Id: 0 ++[ldapPerson] returns ok ++[expiration] returns noop [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this. ++[pap] returns noop ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user Failed to authenticate the user. } # server test Thank you very much and sorry for my eglish. ++ Ana Gallardo Gómez ++