problem with LDAP backend

Alan DeKok aland at deployingradius.com
Wed Aug 31 18:30:45 CEST 2011


Frank Bonnet wrote:
> MAC addresses for some video devices in the "users" file
> as follows :
> 
> 00-06-F4-0D-08-66       Auth-Type := Local, User-Password == "xxxxxxxx"

  That's wrong.  See the debug output for reasons why.  See the FAQ for
correct examples.

> LDAP backend for "real" users at the end of the "users" file I have this
> statement
> 
> DEFAULT    Auth-Type = LDAP
>     Fall-Through = 1

  That's not needed.

> Wed Aug 31 16:52:39 2011 : Auth: rlm_ldap: Attribute "User-Password" is
> required for authentication. Cannot use "CHAP-Password".

  That's pretty clear.  The NAS is sending a CHAP request.  You can't do
that with "Auth-Type LDAP"

  Instead, list "ldap" in the "authorize" section.

  Don't set Auth-Type.  It's almost always wrong.

  Alan DeKok.



More information about the Freeradius-Users mailing list