No "known good" password was found in LDAP

newtownz jean466 at
Thu Jul 22 21:26:13 CEST 2010


I have a setup with a laptop, access-point, wireless-controller, freeradius
2.1.8 (ubuntu 10.04)
and SLES 10 eDirectory.

When I put the username and password in the users file everything works fine
(802.1x, PEAP)

When I try to move authentication with the eDirectory with ldap, I get the
Warning no known...
but then the user is authorized. ([ldap] user aruba authorized to use remote

[ldap]  expand: (uid=%{%{Stripped-User-Name}:-%{User-Name}}) -> (uid=aruba)
[ldap]  expand: o=org -> o=org
  [ldap] ldap_get_conn: Checking Id: 0
  [ldap] ldap_get_conn: Got Id: 0
  [ldap] attempting LDAP reconnection
  [ldap] (re)connect to xxx.yyy.110.136:389, authentication 0
  [ldap] bind as cn=admin,o=org/admin to xxx.yyy.110.136:389
  [ldap] waiting for bind result ...
  [ldap] Bind was successful
  [ldap] performing search in o=org, with filter (uid=aruba)
[ldap] No default NMAS login sequence
[ldap] looking for check items in directory...
[ldap] looking for reply items in directory...
WARNING: No "known good" password was found in LDAP.  Are you sure that the
user is configured correctly?
[ldap] user aruba authorized to use remote access
  [ldap] ldap_release_conn: Release Id: 0

The password stored in eDirectory is valid.

My understanding of eDirectory is that it will never let you see the actual
password of a user, it will hash it first. Is this behavior of freeradius normal?

Later in the process the user is rejected because no Auth-Type was found.
Is this related?
