rlm_ldap: Attribute "User-Password" is required for authentication. HELP Please

Alan DeKok aland at deployingradius.com
Mon Apr 23 13:23:06 CEST 2007

Jacob Jarick wrote:
> My problem is the ldap password retrieved from the windows client is
> not being sent to the ldap server.

  The problem is that you have configured "Auth-Type := LDAP", and then
sent the server an 802.1x authentication request. Do NOT set Auth-Type =
LDAP.  This is repeated all over the place in the configuration files,
the documentation, and on this list.

  In fact, just delete "ldap" from the "authenticate" section.  If you
can get PAP working with that setup, then 802.1x && EAP should work, too.

  Make sure that FreeRADIUS is retrieving the password from LDAP.  If
you have FreeRADIUS doing "bind as user" to LDAP, then it is NOT
retrieving the password from LDAP.

  See: http://deployingradius.com/documents/protocols/

  And the two other web pages linked to from that page.

> The weird thing is It was working fine friday.

  Because you were doing PAP authentication.

  I'm half inclined to remove "ldap bind as user" from the server
entirely.  It confuses too many people, and causes too many problems.

  Alan DeKok.
  http://deployingradius.com       - The web site of the book
  http://deployingradius.com/blog/ - The blog

More information about the Freeradius-Users mailing list