Alan,
Use "-X". You've added an additional "-x", which makes the output harder to read.
ok, understood, attached below
Thu Nov 18 11:20:52 2010 : Debug: rad_check_password: Found Auth-Type Reject Thu Nov 18 11:20:52 2010 : Debug: rad_check_password: Auth-Type = Reject, rejecting user
Well... something is setting that. Go find out what, and fix it. any hints, how to proceed to debug from where the "Reject" for rad_check_passwd is caused ? I checked ldap atributes and verified correctness of user passwd for simple bind with ldapsearch So i at last have exluded trivial errors like testing with a dn or wrong user password But now i d not see how to trace why the radius request comes back with reject lm_ldap: waiting for bind result ... rlm_ldap: Bind was successful rlm_ldap: performing search in l=Stadt,dc=de,o=Organisation, with filter (uid=test1) rlm_ldap: looking for check items in directory... rlm_ldap: looking for reply items in directory... rlm_ldap: Setting Auth-Type = ldap rlm_ldap: user test11 authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns ok for request 0 rlm_eap: No EAP-Message, not doing EAP modcall[authorize]: module "eap" returns noop for request 0 users: Matched entry DEFAULT at line 4 modcall[authorize]: module "files" returns ok for request 0 rlm_pap: Found existing Auth-Type, not changing it. modcall[authorize]: module "pap" returns noop for request 0 modcall: leaving group authorize (returns ok) for request 0 rad_check_password: Found Auth-Type Reject rad_check_password: Auth-Type = Reject, rejecting user auth: Failed to validate the user. Login incorrect: [test1/testpass] (from client wlanhsp port 0 cli 00:1e:c2:a3:4d:b3) TIA Micha