FreeRadius 2.0.4 - problems with LDAP and Sonicwall...

Alan DeKok aland at deployingradius.com
Thu May 29 22:06:18 CEST 2008


aprotector wrote:
> I've been trying to get my freeradius server to work with a Netscape LDAP
> server and authenticate users when they connect via VPN to our Sonicwall
> gateway. I have set the Sonicwall as a client so the radius recognizes it
> and then adjusted the radiusd.conf. However, when I try to authenticate an
> LDAP user from the sonicwall it will say the authentication failed and the
> radius shows the following messages:

  And no reference to "ldap".

> +- entering group authorize
> ++[preprocess] returns ok
> ++[chap] returns noop
> ++[mschap] returns noop
>     rlm_realm: No '@' in User-Name = "testuser", looking up realm NULL
>     rlm_realm: No such realm "NULL"
> ++[suffix] returns noop
>   rlm_eap: No EAP-Message, not doing EAP
> ++[eap] returns noop
> ++[unix] returns notfound
> ++[files] returns noop
> ++[expiration] returns noop
> ++[logintime] returns noop
> rlm_pap: WARNING! No "known good" password found for the user. 
> Authentication may fail because of this.
> ++[pap] returns noop
> auth: No authenticate method (Auth-Type) configuration found for the
> request: Rejecting the user

  So... you have a user in LDAP, and you didn't uncomment the references
to "ldap" in the "authorize" section.

  i.e. you have a user in LDAP, and you didn't tell the server to look
in the LDAP database.

> If I uncomment a local user account on the Radius box and then try
> authenticating from the Sonicwall with this it will succeed. It just doesn't
> seem to want to go to the LDAP server and then back to the Sonicwall. Has
> anyone had any experience with this sort of setup, and might be able to shed
> some light on how I can set it up to use LDAP for the authentication? 

$ grep ldap raddb/* raddb/*/*

  Read.  Edit.  Run.

  Alan DeKok.
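
The diagnosis in the reply above, as an added example that is not part of the original post or of FreeRADIUS: a Python script that parses the quoted debug output, lists the modules called in a processing group, and reports when an expected module such as "ldap" never ran. The function names are hypothetical, and the sample is the post's log with the mail line-wraps rejoined.

```python
import re
# Debug output quoted in the post above, with e-mail line wraps rejoined.
SAMPLE_DEBUG = """\
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
    rlm_realm: No '@' in User-Name = "testuser", looking up realm NULL
    rlm_realm: No such realm "NULL"
++[suffix] returns noop
  rlm_eap: No EAP-Message, not doing EAP
++[eap] returns noop
++[unix] returns notfound
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this.
++[pap] returns noop
auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
"""

GROUP_RE = re.compile(r"^\+- entering group (\S+)")
MODULE_RE = re.compile(r"^\++\[([^\]]+)\] returns (\w+)")

def modules_by_group(debug_text):
    """Map each processing group to the [(module, return code)] pairs it ran."""
    groups, current = {}, None
    for raw in debug_text.splitlines():
        line = raw.lstrip("> \t")  # tolerate mail-quoted or indented lines
        if m := GROUP_RE.match(line):
            current = m.group(1)
            groups.setdefault(current, [])
        elif (m := MODULE_RE.match(line)) and current:
            groups[current].append((m.group(1), m.group(2)))
    return groups

def diagnose(debug_text, expected_module="ldap", group="authorize"):
    """Return findings that explain a reject when a module was never consulted."""
    findings = []
    ran = [name for name, _ in modules_by_group(debug_text).get(group, [])]
    if expected_module not in ran:
        findings.append(f"'{expected_module}' never ran in '{group}' (ran: {', '.join(ran)})")
    if "No authenticate method (Auth-Type)" in debug_text:
        findings.append("no module set Auth-Type, so the request was rejected")
    return findings

if __name__ == "__main__":
    for finding in diagnose(SAMPLE_DEBUG):
        print(finding)
```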


