Hello before i ask this question, i already read and try the freeradius + ldap authentication from https://wiki.freeradius.org/protocol/LDAP and http://confluence.diamond.ac.uk/display/PAAUTH/Using+LDAP+as+authentication+.... But now i'm kinda stuck with that both documentation, because everytime i test the user in ldap (using radtest) i get "no DN found". I already check that the dn has properly set up (i'm using phpldapadmin to create user in ldap to make it easier). Here is the debug log : Tue Jun 27 05:54:40 2017 : Debug: (1) Received Access-Request Id 251 from 127.0.0.1:53093 to 127.0.0.1:1812 length 74 Tue Jun 27 05:54:41 2017 : Debug: (1) User-Name = "teke" Tue Jun 27 05:54:41 2017 : Debug: (1) User-Password = "xxx" Tue Jun 27 05:54:41 2017 : Debug: (1) NAS-IP-Address = 127.0.1.1 Tue Jun 27 05:54:41 2017 : Debug: (1) NAS-Port = 1812 Tue Jun 27 05:54:41 2017 : Debug: (1) Message-Authenticator = 0xef22ab207657169978bd2b65ef0f42c6 Tue Jun 27 05:54:41 2017 : Debug: (1) session-state: No State attribute Tue Jun 27 05:54:41 2017 : Debug: (1) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/default Tue Jun 27 05:54:41 2017 : Debug: (1) authorize { Tue Jun 27 05:54:41 2017 : Debug: (1) policy filter_username { Tue Jun 27 05:54:41 2017 : Debug: (1) if (&User-Name) { Tue Jun 27 05:54:41 2017 : Debug: (1) if (&User-Name) -> TRUE Tue Jun 27 05:54:41 2017 : Debug: (1) if (&User-Name) { Tue Jun 27 05:54:41 2017 : Debug: (1) if (&User-Name =~ /@[^@]*@/ ) { Tue Jun 27 05:54:41 2017 : Debug: No matches Tue Jun 27 05:54:41 2017 : Debug: (1) if (&User-Name =~ /@[^@]*@/ ) -> FALSE Tue Jun 27 05:54:41 2017 : Debug: (1) if (&User-Name =~ /\.\./ ) { Tue Jun 27 05:54:41 2017 : Debug: No matches Tue Jun 27 05:54:41 2017 : Debug: (1) if (&User-Name =~ /\.\./ ) -> FALSE Tue Jun 27 05:54:41 2017 : Debug: (1) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { Tue Jun 27 05:54:41 2017 : Debug: No matches Tue Jun 27 05:54:41 2017 : Debug: (1) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE Tue Jun 27 05:54:41 2017 : Debug: (1) if (&User-Name =~ /\.$/) { Tue Jun 27 05:54:41 2017 : Debug: No matches Tue Jun 27 05:54:41 2017 : Debug: (1) if (&User-Name =~ /\.$/) -> FALSE Tue Jun 27 05:54:41 2017 : Debug: (1) if (&User-Name =~ /@\./) { Tue Jun 27 05:54:41 2017 : Debug: No matches Tue Jun 27 05:54:41 2017 : Debug: (1) if (&User-Name =~ /@\./) -> FALSE Tue Jun 27 05:54:41 2017 : Debug: (1) } # if (&User-Name) = notfound Tue Jun 27 05:54:41 2017 : Debug: (1) } # policy filter_username = notfound Tue Jun 27 05:54:41 2017 : Debug: (1) modsingle[authorize]: calling preprocess (rlm_preprocess) Tue Jun 27 05:54:41 2017 : Debug: (1) modsingle[authorize]: returned from preprocess (rlm_preprocess) Tue Jun 27 05:54:41 2017 : Debug: (1) [preprocess] = ok Tue Jun 27 05:54:41 2017 : Debug: (1) modsingle[authorize]: calling chap (rlm_chap) Tue Jun 27 05:54:41 2017 : Debug: (1) modsingle[authorize]: returned from chap (rlm_chap) Tue Jun 27 05:54:41 2017 : Debug: (1) [chap] = noop Tue Jun 27 05:54:41 2017 : Debug: (1) modsingle[authorize]: calling mschap (rlm_mschap) Tue Jun 27 05:54:41 2017 : Debug: (1) modsingle[authorize]: returned from mschap (rlm_mschap) Tue Jun 27 05:54:41 2017 : Debug: (1) [mschap] = noop Tue Jun 27 05:54:41 2017 : Debug: (1) modsingle[authorize]: calling digest (rlm_digest) Tue Jun 27 05:54:41 2017 : Debug: (1) modsingle[authorize]: returned from digest (rlm_digest) Tue Jun 27 05:54:41 2017 : Debug: (1) [digest] = noop Tue Jun 27 05:54:41 2017 : Debug: (1) modsingle[authorize]: calling suffix (rlm_realm) Tue Jun 27 05:54:41 2017 : Debug: (1) suffix: Checking for suffix after "@" Tue Jun 27 05:54:41 2017 : Debug: (1) suffix: No '@' in User-Name = "teke", looking up realm NULL Tue Jun 27 05:54:41 2017 : Debug: (1) suffix: No such realm "NULL" Tue Jun 27 05:54:41 2017 : Debug: (1) modsingle[authorize]: returned from suffix (rlm_realm) Tue Jun 27 05:54:41 2017 : Debug: (1) [suffix] = noop Tue Jun 27 05:54:41 2017 : Debug: (1) modsingle[authorize]: calling eap (rlm_eap) Tue Jun 27 05:54:41 2017 : Debug: (1) eap: No EAP-Message, not doing EAP Tue Jun 27 05:54:41 2017 : Debug: (1) modsingle[authorize]: returned from eap (rlm_eap) Tue Jun 27 05:54:41 2017 : Debug: (1) [eap] = noop Tue Jun 27 05:54:41 2017 : Debug: (1) modsingle[authorize]: calling files (rlm_files) Tue Jun 27 05:54:41 2017 : Debug: (1) modsingle[authorize]: returned from files (rlm_files) Tue Jun 27 05:54:41 2017 : Debug: (1) [files] = noop Tue Jun 27 05:54:41 2017 : Debug: (1) modsingle[authorize]: calling ldap (rlm_ldap) Tue Jun 27 05:54:41 2017 : Info: rlm_ldap (ldap): Closing connection (1): Hit idle_timeout, was idle for 118721 seconds Tue Jun 27 05:54:41 2017 : Debug: rlm_ldap: Closing libldap handle 0x558ba43988d0 Tue Jun 27 05:54:42 2017 : Info: rlm_ldap (ldap): Closing connection (2): Hit idle_timeout, was idle for 118721 seconds Tue Jun 27 05:54:42 2017 : Debug: rlm_ldap: Closing libldap handle 0x558ba439cf90 Tue Jun 27 05:54:42 2017 : Info: rlm_ldap (ldap): Closing connection (3): Hit idle_timeout, was idle for 118721 seconds Tue Jun 27 05:54:42 2017 : Debug: rlm_ldap: Closing libldap handle 0x558ba438f2e0 Tue Jun 27 05:54:42 2017 : Info: rlm_ldap (ldap): Closing connection (4): Hit idle_timeout, was idle for 118721 seconds Tue Jun 27 05:54:42 2017 : Debug: rlm_ldap (ldap): You probably need to lower "min" Tue Jun 27 05:54:42 2017 : Debug: rlm_ldap: Closing libldap handle 0x558ba4392d70 Tue Jun 27 05:54:42 2017 : Info: rlm_ldap (ldap): Closing connection (0): Hit idle_timeout, was idle for 118711 seconds Tue Jun 27 05:54:42 2017 : Debug: rlm_ldap (ldap): You probably need to lower "min" Tue Jun 27 05:54:42 2017 : Debug: rlm_ldap: Closing libldap handle 0x558ba44fefb0 Tue Jun 27 05:54:42 2017 : Info: rlm_ldap (ldap): Closing connection (5): Hit idle_timeout, was idle for 118711 seconds Tue Jun 27 05:54:42 2017 : Debug: rlm_ldap (ldap): You probably need to lower "min" Tue Jun 27 05:54:42 2017 : Debug: rlm_ldap: Closing libldap handle 0x558ba439f860 Tue Jun 27 05:54:42 2017 : Debug: rlm_ldap (ldap): 0 of 0 connections in use. You may need to increase "spare" Tue Jun 27 05:54:42 2017 : Info: rlm_ldap (ldap): Opening additional connection (6), 1 of 32 pending slots used Tue Jun 27 05:54:42 2017 : Debug: rlm_ldap (ldap): Connecting to ldap://localhost:389 Tue Jun 27 05:54:42 2017 : Debug: rlm_ldap (ldap): New libldap handle 0x558ba438e620 Tue Jun 27 05:54:42 2017 : Debug: rlm_ldap (ldap): Waiting for bind result... Tue Jun 27 05:54:43 2017 : Debug: rlm_ldap (ldap): Bind successful Tue Jun 27 05:54:43 2017 : Debug: rlm_ldap (ldap): Reserved connection (6) Tue Jun 27 05:54:43 2017 : Debug: (1) ldap: EXPAND TMPL XLAT Tue Jun 27 05:54:43 2017 : Debug: (uid=%{%{Stripped-User-Name}:-%{User-Name}}) Tue Jun 27 05:54:43 2017 : Debug: Parsed xlat tree: Tue Jun 27 05:54:43 2017 : Debug: literal --> (uid= Tue Jun 27 05:54:43 2017 : Debug: if { Tue Jun 27 05:54:43 2017 : Debug: attribute --> Stripped-User-Name Tue Jun 27 05:54:43 2017 : Debug: } Tue Jun 27 05:54:43 2017 : Debug: else { Tue Jun 27 05:54:43 2017 : Debug: attribute --> User-Name Tue Jun 27 05:54:43 2017 : Debug: } Tue Jun 27 05:54:43 2017 : Debug: literal --> ) Tue Jun 27 05:54:43 2017 : Debug: (1) ldap: EXPAND (uid=%{%{Stripped-User-Name}:-%{User-Name}}) Tue Jun 27 05:54:43 2017 : Debug: (1) ldap: --> (uid=teke) Tue Jun 27 05:54:43 2017 : Debug: (1) ldap: EXPAND TMPL LITERAL Tue Jun 27 05:54:43 2017 : Debug: (1) ldap: Performing search in "" with filter "(uid=teke)", scope "sub" Tue Jun 27 05:54:43 2017 : Debug: (1) ldap: Waiting for search result... Tue Jun 27 05:54:43 2017 : Debug: (1) ldap: The specified DN wasn't found Tue Jun 27 05:54:43 2017 : Debug: (1) ldap: Search returned no results Tue Jun 27 05:54:43 2017 : Debug: rlm_ldap (ldap): Released connection (6) Tue Jun 27 05:54:43 2017 : Info: rlm_ldap (ldap): Need 2 more connections to reach 10 spares Tue Jun 27 05:54:43 2017 : Info: rlm_ldap (ldap): Opening additional connection (7), 1 of 31 pending slots used Tue Jun 27 05:54:43 2017 : Debug: rlm_ldap (ldap): Connecting to ldap://localhost:389 Tue Jun 27 05:54:43 2017 : Debug: rlm_ldap (ldap): New libldap handle 0x558ba439b660 Tue Jun 27 05:54:43 2017 : Debug: rlm_ldap (ldap): Waiting for bind result... Tue Jun 27 05:54:43 2017 : Debug: rlm_ldap (ldap): Bind successful Tue Jun 27 05:54:43 2017 : Debug: (1) modsingle[authorize]: returned from ldap (rlm_ldap) Tue Jun 27 05:54:43 2017 : Debug: (1) [ldap] = notfound Tue Jun 27 05:54:43 2017 : Debug: (1) } # authorize = notfound Tue Jun 27 05:54:43 2017 : ERROR: (1) No Auth-Type found: rejecting the user via Post-Auth-Type = Reject Tue Jun 27 05:54:43 2017 : Debug: (1) Failed to authenticate the user Tue Jun 27 05:54:43 2017 : Debug: (1) Using Post-Auth-Type Reject Tue Jun 27 05:54:43 2017 : Debug: (1) # Executing group from file /etc/freeradius/3.0/sites-enabled/default Tue Jun 27 05:54:43 2017 : Debug: (1) Post-Auth-Type REJECT { Tue Jun 27 05:54:43 2017 : Debug: (1) modsingle[post-auth]: calling attr_filter.access_reject (rlm_attr_filter) Tue Jun 27 05:54:43 2017 : Debug: %{User-Name} Tue Jun 27 05:54:43 2017 : Debug: Parsed xlat tree: Tue Jun 27 05:54:43 2017 : Debug: attribute --> User-Name Tue Jun 27 05:54:43 2017 : Debug: (1) attr_filter.access_reject: EXPAND %{User-Name} Tue Jun 27 05:54:43 2017 : Debug: (1) attr_filter.access_reject: --> teke Tue Jun 27 05:54:43 2017 : Debug: (1) attr_filter.access_reject: Matched entry DEFAULT at line 11 Tue Jun 27 05:54:43 2017 : Debug: (1) modsingle[post-auth]: returned from attr_filter.access_reject (rlm_attr_filter) Tue Jun 27 05:54:43 2017 : Debug: (1) [attr_filter.access_reject] = updated Tue Jun 27 05:54:43 2017 : Debug: (1) modsingle[post-auth]: calling eap (rlm_eap) Tue Jun 27 05:54:43 2017 : Debug: (1) eap: Request didn't contain an EAP-Message, not inserting EAP-Failure Tue Jun 27 05:54:43 2017 : Debug: (1) modsingle[post-auth]: returned from eap (rlm_eap) Tue Jun 27 05:54:43 2017 : Debug: (1) [eap] = noop Tue Jun 27 05:54:43 2017 : Debug: (1) policy remove_reply_message_if_eap { Tue Jun 27 05:54:43 2017 : Debug: (1) if (&reply:EAP-Message && &reply:Reply-Message) { Tue Jun 27 05:54:43 2017 : Debug: (1) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE Tue Jun 27 05:54:43 2017 : Debug: (1) else { Tue Jun 27 05:54:43 2017 : Debug: (1) modsingle[post-auth]: calling noop (rlm_always) Tue Jun 27 05:54:43 2017 : Debug: (1) modsingle[post-auth]: returned from noop (rlm_always) Tue Jun 27 05:54:43 2017 : Debug: (1) [noop] = noop Tue Jun 27 05:54:43 2017 : Debug: (1) } # else = noop Tue Jun 27 05:54:43 2017 : Debug: (1) } # policy remove_reply_message_if_eap = noop Tue Jun 27 05:54:43 2017 : Debug: (1) } # Post-Auth-Type REJECT = updated Tue Jun 27 05:54:43 2017 : Debug: (1) Delaying response for 1.000000 seconds Tue Jun 27 05:54:43 2017 : Debug: Waking up in 0.9 seconds. Tue Jun 27 05:54:44 2017 : Debug: (1) Sending delayed response Tue Jun 27 05:54:44 2017 : Debug: (1) Sent Access-Reject Id 251 from 127.0.0.1:1812 to 127.0.0.1:53093 length 20 Tue Jun 27 05:54:44 2017 : Debug: Waking up in 3.9 seconds. Tue Jun 27 05:54:48 2017 : Debug: (1) Cleaning up request packet ID 251 with timestamp +118720 Any kind of help, documentation recommendation would help. thankyou!