On 26 Feb 2014, at 09:41, A.L.M.Buxey@lboro.ac.uk wrote:
Hi,
For security, the LDAP should not return attribute userPassword to freeradius.
if the server doesnt get a password - if using LDAP as your source, then how is it supposed to authenticate the user?
By testing the user's credentials with an LDAP bind. He hasn't indicated he's doing anything other than PAP. The user has always had to add Auth-Type ldap {} to the authenticate {} section. If you're capable of making even the most basic of mental leaps, you should realise that other authentication modules are listed in multiple places in the default server, and that, oo, look, the LDAP module is listed in only one. and oo, it's complaining about an Auth-Type, oh where did I see one of those before? Oh look! lots of Auth-types, one for pap, one for chap, one for mschap, but i'm not doing any of those... Shit. It's missing! I know, maybe i'll add an auth-type for ldap too. Woohoo it works! I agree there are some places in the server which are poorly documented and quite obscure. But this is pretty basic stuff. Arran Cudbard-Bell <a.cudbardb@freeradius.org> FreeRADIUS Development Team FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2