Alan, I do appreciate everyones help, but as there are multiple people responding and not just you, I am address multiple people helping me. Now I am sorry if I seem to be ignoring what has been told to me but looking at the thread of this e-mail you will that actually the radtest output is from the debug output from radiusd -X, provided as instructed due to a push that was done a few days ago. Sorry about miss labeling it. Per previous e-mail in thread from for modifying /usr/local/etc/raddb/site-enabled/default *Arran Cudbard-Bell <a.cudbardb@freeradius.org <a.cudbardb@freeradius.org>>* *Unknown error means ldap_set_option returned an error without setting an erroron the ldap handle.Reading through the OpenLDAP code, it seems that this particular option is onlyavailable as a global, so we're not allowed to pass in an ldap handle.This is undocumented behaviour.I'll push a fix.As for module ordering, edit sites-available/defaultRemove everything from the authorize section, and just list the modulesldappapin that order.Remove everything from the auth section, and just list pap.It should work.-Arran* The config file is being modified and I am only posting progress update as I am not seeing anything from the PAP modules other than the following rlm_ldap (ldap) - Bind successful (0) ldap (ok) (0) pap - WARNING: No "known good" password found for the user. Not setting Auth-Type (0) pap - WARNING: Authentication will fail unless a "known good" password is available (0) pap (noop) When I am seeing the following from the bind user rlm_ldap (ldap) - Bind successful (1) ldap - Reserved connection (6) (1) ldap - EXPAND (uid=%{%{Stripped-User-Name}:-%{User-Name}}) (1) ldap - --> (uid=demouser) (1) ldap - Performing search in "ou=Users,dc=myhost,dc=com" with filter "(uid=bind-user)", scope "sub" (1) ldap - Waiting for search result... (1) ldap - User object found at DN "uid=bind-user,ou=Users,dc=myhost,dc=com" (1) ldap - Processing user attributes (1) ldap - &control:Password-With-Header += {CRYPT}$6$cbea6d7932dfa76b$YgORZH6XtDXmFEDrcBnX3Ao6JDxACy.BRMTNZ8DkF0idg3cM2D3gPEHRfA05f8dQx14o/4Fi575xXJ.2yDkDA/ (1) ldap - Released connection (6) ... rlm_ldap (ldap) - Bind successful (1) ldap (updated) (1) pap - Converted: Password-With-Header -> Crypt-Password (1) pap - Removing &control:Password-With-Header (1) pap (updated) True putting things into the e-mail thread seeming rude, so I tried to put it in pastebin so that it would not show up in the e-mails. On Tue, Feb 2, 2016 at 12:02 PM, Alan DeKok <aland@deployingradius.com> wrote:
On Feb 2, 2016, at 3:00 PM, Will W. <will@damagesinc.net> wrote:
Ok Still having issues, I have the lasted pull from this morning running
on
CentOS 7.2 It seems that I can only see it trying cleartext, is there a way to get the PAP module to a higher debug level so I can see what cipher it is trying against the LDAP server?
Config file for default after putting in the changes http://pastebin.com/Z7H3tjxm
We've told you that we don't need the configuration files.
Here is the output from radtest http://pastebin.com/GfBkbFxY
We've told you that we don't need the output of radtest.
We've told you we need to see the debug output.
Not to be rude.. but you're being rude.
Follow instructions, or stop asking questions on this list.
Alan DeKok.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html