On 10 Apr 2015, at 10:08, KL Forwarder <kl.forwarder@gmail.com> wrote:
On Fri, Apr 10, 2015 at 3:27 PM, Arran Cudbard-Bell <a.cudbardb@freeradius.org> wrote:
(0) WARNING: ldap : No "reference" password added. Ensure the admin user has permission to read the password attribute (0) WARNING: ldap : PAP authentication will *NOT* work with Active Directory (if that is what you were trying to configure)
It's almost like this had happened before :)
I saw that indeed ;).
I now added the admin user in the ldap config file now. It was complaining before (wrong dn), but it is starting now. I assume that the user I set is correct then ("identity = "uid=admin,cn=users,cn=accounts,dc=companyname,dc=local"), with the admin password.
Looks reasonable.
Problem is I still get:
(0) WARNING: ldap : No "reference" password added. Ensure the admin user has permission to read the password attribute (0) WARNING: ldap : PAP authentication will *NOT* work with Active Directory (if that is what you were trying to configure)
How can I test if the password is correct? And are there references I can use (maybe a good general "Freeradius-ldap" guide?). Thanks so
You need to check if ldapsearch returns the userPassword attribute when bound with the credentials you configured for FR. The server is warning you that you had a mapping between an LDAP attribute, and a RADIUS attribute it knows is used to store the users password, but that the mapping was skipped because the LDAP server didn't return a value for that attribute. -Arran Arran Cudbard-Bell <a.cudbardb@freeradius.org> FreeRADIUS development team FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2