When to ldap?

Alan DeKok aland at deployingradius.com
Thu May 13 11:18:31 CEST 2010


Dean, Barry wrote:
>   [ldap] performing search in OU=UOL,DC=adserer,DC=liv,DC=ac,DC=uk, with filter (sAMAccountName=user)
> [ldap] looking for check items in directory...
> [ldap] looking for reply items in directory...
> WARNING: No "known good" password was found in LDAP.  Are you sure that the user is configured correctly?

> [pap] WARNING! No "known good" password found for the user.  Authentication may fail because of this.

  See the form at:


  It will *highlight* the information you need to know.

> I have seen the dire warnings about "Don't set Auth-Type = LDAP" so I have not ventured there as I am sure there are dragons.

  The warnings are there because people set it, and the try to do EAP.
For some reason, no LDAP server implements EAP.

  Your choices are:

a) fix your LDAP server to return a password
b) force Auth-Type := LDAP *only* for certain kinds of packets

  If you're trying to do EAP with this LDAP server (I presume it's
Active Directory), see my web site at http://deployingradius.com/.  It
has complete instructions.

  Alan DeKok.

More information about the Freeradius-Users mailing list