<sigh> Dean, Barry wrote: ...
[ldap] performing search in OU=UOL,DC=adserer,DC=liv,DC=ac,DC=uk, with filter (sAMAccountName=user) [ldap] looking for check items in directory... [ldap] looking for reply items in directory... WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly?
Again... ...
[pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.
See the form at: http://networkradius.com/freeradius.html It will *highlight* the information you need to know.
I have seen the dire warnings about "Don't set Auth-Type = LDAP" so I have not ventured there as I am sure there are dragons.
The warnings are there because people set it, and the try to do EAP. For some reason, no LDAP server implements EAP. Your choices are: a) fix your LDAP server to return a password b) force Auth-Type := LDAP *only* for certain kinds of packets If you're trying to do EAP with this LDAP server (I presume it's Active Directory), see my web site at http://deployingradius.com/. It has complete instructions. Alan DeKok.