When to ldap?
Alan DeKok
aland at deployingradius.com
Thu May 13 11:18:31 CEST 2010
<sigh>
Dean, Barry wrote:
...
> [ldap] performing search in OU=UOL,DC=adserer,DC=liv,DC=ac,DC=uk, with filter (sAMAccountName=user)
> [ldap] looking for check items in directory...
> [ldap] looking for reply items in directory...
> WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly?
Again...
...
> [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.
See the form at:
http://networkradius.com/freeradius.html
It will *highlight* the information you need to know.
> I have seen the dire warnings about "Don't set Auth-Type = LDAP" so I have not ventured there as I am sure there are dragons.
The warnings are there because people set it, and then try to do EAP.
For some reason, no LDAP server implements EAP.
Your choices are:
a) fix your LDAP server to return a password
b) force Auth-Type := LDAP *only* for certain kinds of packets
If you're trying to do EAP with this LDAP server (I presume it's
Active Directory), see my web site at http://deployingradius.com/. It
has complete instructions.
Alan DeKok.
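
Option (b) from the reply above, sketched as a FreeRADIUS 2.x virtual-server fragment. This is an added example, not configuration from the original post or from the FreeRADIUS project; it assumes the LDAP module instance is named `ldap` and that the only requests that should be authenticated by an LDAP bind are those carrying a clear-text `User-Password` (PAP).

```unlang
# Added example: fragment of a virtual server such as sites-available/default.
# Assumption: the LDAP module instance is called "ldap".
authorize {
	preprocess

	# EAP requests are handled by the eap module and never reach the
	# Auth-Type override below with a User-Password attribute.
	eap {
		ok = return
	}

	# Look the user up in the directory (check/reply items, group data).
	ldap

	# Force an LDAP bind only when the request carries a clear-text
	# password. EAP, CHAP and MS-CHAP requests have no User-Password,
	# so Auth-Type is left alone for them.
	if (User-Password) {
		update control {
			Auth-Type := LDAP
		}
	}
}

authenticate {
	# Bind to the directory as the user, using User-Password.
	Auth-Type LDAP {
		ldap
	}

	eap
}
```

With this in place, a PAP request is verified by binding to the directory, while an EAP request still needs a "known good" password from some other source, which is option (a).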