Doubt - Freeradius + Ldap

Josip Rodin joy at
Mon Nov 1 20:36:06 CET 2010

On Tue, Nov 02, 2010 at 07:30:23AM +1300, Peter Lambrechtsen wrote:
> It's probably since you didn't compile OpenLDAP and FreeRadius with OpenSSL
> support.
> So you will need to recompile OpenLDAP, Cyrus SASL, OpenLDAP and FreeRadius.

No, no, no, and no. <sigh>

If you want to read random debug messages, don't pick just any.

Yes, he doesn't have SSL support, but the log also says pretty clearly:

> > Mon Nov  1 15:06:10 2010 : Debug:   rlm_eap: No EAP-Message, not doing EAP

When the client does not use EAP, it's completely irrelevant that the server
doesn't have support for SSL-using EAP methods.

And there's clearly no reason to recompile even FR, let alone three other
different pieces of software. (For the former, just use lenny-backports.)

The final error state is:

> > Mon Nov  1 15:06:10 2010 : Auth: Login incorrect:
> > [eduardo/1\320\026\305\020B)\323I\211????\001\nx\204] (from client
> > BrasilTelecom port 1812)
> > Mon Nov  1 15:06:10 2010 : Debug:   WARNING: Unprintable characters in the
> > password.    Double-check the shared secret on the server and the NAS!

So, have you double-checked the shared secret?

     2. That which causes joy or happiness.

More information about the Freeradius-Users mailing list