ldap authentication works on v1.1.4 but fails on 2.1.3
Alan DeKok
aland at deployingradius.com
Mon Mar 16 13:57:17 CET 2009
Leese, MJ (Mark) wrote:
> 1. Uncomment "set_auth_type = yes" in raddb/modules/ldap. This was
> already done but I think it's the default anyway :-)
Then it should work.
> 2. List "pap" as the last module in the "authorize" section. Sorry, I
> should have said that I'd also tried this. Here is the debug trace with
> the pap module listed last...
...
> Mon Mar 16 10:28:26 2009 : Debug: WARNING: No "known good"
> password was found in LDAP. Are you sure that the user is configured
> correctly?
And the server doesn't find a password.
> The Access-Request contains a User-Name and plaintext User-Password. My
> LDAP server is Active Directory
<sigh> You should have said that at the start. Active Directory
isn't an LDAP server. Not really...
> so I don't think it returns anything in
> the userPassword attribute, so I guess this is why PAP also fails to
> find a "known good" password?
Yes.
> Is there anything else I can try?
Force Auth-Type := LDAP.
...
>> Sun Mar 15 17:59:38 2009 : Info: No authenticate method
>> (Auth-Type) configuration found for the request: Rejecting the user
>> Sun Mar 15 17:59:38 2009 : Info: Failed to authenticate
>> the user.
So force Auth-Type := LDAP. This will make it do "bind as user".
Alan DeKok.
More information about the Freeradius-Users
mailing list