freeradius + ldap

Ana Gallardo ana.gallardo.77 at
Thu Dec 2 09:09:51 CET 2010

Josip, thanks for your response.

Add LDAP into the authenticate section, so that it simply tries to re-bind
> with the provided credentials? Like this:
>        Auth-Type LDAP {
>                ldapPerson
>        }

I try this configuration too, but it doesn't work for me. Freeradius doesn't
set the value to Auth-Type attribute. I thik that this is because the
userPassword attribute is only visible to each particular user when binds.

rad_recv: Access-Request packet from host X.X.X.X port 49621, id=130,
    User-Name = "aigallardo at"
    User-Password = "XXXX"
server test {
# Executing section authorize from file /etc/freeradius/sites-enabled/test
+- entering group authorize {...}
[suffix] Looking up realm "" for User-Name = "aigallardo at"
[suffix] Found realm ""
[suffix] Adding Stripped-User-Name = "aigallardo"
[suffix] Adding Realm = ""
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[files] users: Matched entry DEFAULT at line 33
++[files] returns ok
[ldapPerson] performing user authorization for aigallardo
[ldapPerson]     expand: %{Stripped-User-Name} -> aigallardo
[ldapPerson]     expand: (uid=%{%{Stripped-User-Name}:-%{User-Name}}) ->
[ldapPerson]     expand: ou=people,dc=unex,dc=es -> ou=people,dc=unex,dc=es
  [ldapPerson] ldap_get_conn: Checking Id: 0
  [ldapPerson] ldap_get_conn: Got Id: 0
  [ldapPerson] attempting LDAP reconnection
  [ldapPerson] (re)connect to, authentication 0
  [ldapPerson] bind as / to
  [ldapPerson] waiting for bind result ...
  [ldapPerson] Bind was successful
  [ldapPerson] performing search in ou=people,dc=unex,dc=es, with filter
[ldapPerson] No default NMAS login sequence
[ldapPerson] looking for check items in directory...
[ldapPerson] looking for reply items in directory...
  [ldapPerson] gecos -> Nombre-Completo = "Ana-Isabel Gallardo Gomez,Dpto.
Tecno. Computadores y Comuni.,,"
WARNING: No "known good" password was found in LDAP.  Are you sure that the
user is configured correctly?
[ldapPerson] user aigallardo authorized to use remote access
  [ldapPerson] ldap_release_conn: Release Id: 0
++[ldapPerson] returns ok
++[expiration] returns noop
[pap] WARNING! No "known good" password found for the user.  Authentication
may fail because of this.
++[pap] returns noop
ERROR: No authenticate method (Auth-Type) found for the request: Rejecting
the user
Failed to authenticate the user.
} # server test

Thank you very much and sorry for my english.

++ Ana Gallardo Gómez ++
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the Freeradius-Users mailing list