Ok, I will work with what you provided - thank you.

Could you please let me know why the following conflicting message shows up after the No "known good" message?

Tue Jun 17 11:53:43 2014 : Info: [ldap] user jjenkins authorized to use remote access
Tue Jun 17 11:53:43 2014 : Debug:   [ldap] ldap_release_conn: Release Id: 0
Tue Jun 17 11:53:43 2014 : Info: ++[ldap] returns ok


On 06/17/2014 01:41 PM, Phil Mayers wrote:
On 17/06/2014 18:01, Jon Jenkins wrote:

Tue Jun 17 11:53:43 2014 : Debug: WARNING: No "known good" password was
found in LDAP.  Are you sure that the user is configured correctly?

This is the relevant line.

FreeRADIUS is built around using LDAP as a database; you store the passwords there, and FreeRADIUS does the auth. Here, it can't find a password, so it can't auth.

Also aince you're doing peap, you also are probably doing mschap inside the tunnel, and there's no "mschap" module in your inner-tunnel any more. Suggest you revert to the default config and start by making small changes.

Finally, if your LDAP directory doesn't contain passwords and can only be used as an "oracle", then it can't be used for peap/mschap. See:

http://deployingradius.com/documents/protocols/oracles.html

...and

http://deployingradius.com/documents/protocols/compatibility.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html