LDAP authentication
Stefan Winter
stefan.winter at restena.lu
Wed Aug 30 09:15:12 CEST 2006
Hi,
> I should have tried that mapping.
>
> HOWEVER
>
> It still doesn't work.
> I can perform radtest queries username/LDAPpassword, and I get the accept
> response.
> If I use the query with username/remotepassword, I get rejected.
Okay, I can't verify what I propose now, so I might be wrong, but:
ldap is usually called twice: during authorize and authenticate. authorize is
the section that pulls attributes out of LDAP using ldap.attrmap and is the
one you need. In authenticate, it tries a bind with the user's name and
password. This is NOT what you want, because the bind will fail. You could
try to _comment out_ the following lines from your authenticate section
    Auth-Type LDAP {
        ldap
    }
so that the bind isn't attempted. Not sure if that's enough though, since the
ldap in authorize will set Auth-Type to LDAP by itself... But if it doesn't,
someone else would need to jump in, that's beyond my experience. Maybe it's
necessary to set Auth-Type to PAP in the users file manually then.
Greetings,
Stefan Winter
--
Stefan WINTER
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de
la Recherche - Ingénieur de recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg