My LDAP server uses SASL mechanism for authenticating uid/username against userPassword. How can I integrate this LDAp server with FreeRadius server and what all configuration need to be changed ???. On debug, my radius server shows following error. Kindly suggest Traffic flow as follows: Radius client--> Radius server--> Ldap server --> SASL Authentication---> Backend server rad_recv: Access-Request packet from host 10.168.109.120 port 42911, id=96, length=58 User-Name = "google" User-Password = "google@1234" NAS-IP-Address = 10.1.109.120 NAS-Port = 0 # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = "google", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] No EAP-Message, not doing EAP ++[eap] returns noop ++[files] returns noop ++[smbpasswd] returns notfound [ldap] performing user authorization for google [ldap] WARNING: Deprecated conditional expansion ":-". See "man unlang" for details [ldap] ... expanding second conditional [ldap] expand: %{User-Name} -> google [ldap] expand: (uid=%{Stripped-User-Name:-%{User-Name}}) -> (uid=google) [ldap] expand: ou=Users,dc=cdac,dc=in -> ou=Users,dc=cdac,dc=in [ldap] ldap_get_conn: Checking Id: 0 [ldap] ldap_get_conn: Got Id: 0 [ldap] performing search in ou=Users,dc=cdac,dc=in, with filter (uid=google) request done: ld 0x748c7d0 msgid 9 [ldap] object not found [ldap] search failed [ldap] ldap_release_conn: Release Id: 0 ++[ldap] returns notfound ++[expiration] returns noop ++[logintime] returns noop [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this. ++[pap] returns noop ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user Failed to authenticate the user. Using Post-Auth-Type Reject # Executing group from file /usr/local/etc/raddb/sites-enabled/default +- entering group REJECT {...} [attr_filter.access_reject] expand: %{User-Name} -> google attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Delaying reject of request 13 for 1 seconds Going to the next request Waking up in 0.9 seconds. Sending delayed reject for request 13 Sending Access-Reject of id 96 to 10.168.109.120 port 42911 Waking up in 4.9 seconds. Regards Vijay -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.