rad_recv: Access-Request packet from host 127.0.0.1 port 50670, id=151, length=57 User-Name = "billy" User-Password = "password" NAS-IP-Address = 127.0.1.1 NAS-Port = 1 +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "billy", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] No EAP-Message, not doing EAP ++[eap] returns noop ++[unix] returns notfound ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this. ++[pap] returns noop No authenticate method (Auth-Type) configuration found for the request:
The "ldap" module wasn't run there at all. You need to add "ldap" to the authorize section i.e.: authorize { # whatever else, then ldap } The "unix" module (i.e. look in /etc/passwd) *was* run, which is probably what you don't want.