Configuring LDAP for query ONLY...

Phil Mayers p.mayers at
Wed Dec 12 17:37:19 CET 2007

> rlm_ldap: user test1 authorized to use remote access
> rlm_ldap: ldap_release_conn: Release Id: 0
>   modcall[authorize]: module "ldap" returns ok for
> request 0
> rlm_pap: WARNING! No "known good" password found for
> the user.  Authentication may fail because of this.

That's the problem.

Your LDAP module should be copying the LDAP attribute containing the 
password to the relevant check item.

Slightly confusing, there are two ways to do this:

  1. ldap.attrmap
  2. password_attribute & password_header config items of ldap module

What are those setup to do?

A full "-X" debug would help at this point.

More information about the Freeradius-Users mailing list