FreeRadius unable to read password from LDAP query to win2008 AD
sonyisda1
esj at tpri.com
Thu May 17 20:19:44 CEST 2012
Using FreeRadius on Ubuntu 12.04
FreeRadius is communicating with Windows 2008 R2 Active Directory server.
I have MS-CHAP authentication working fine. This is used for VPN.
I am setting up LDAP authorization and CHAP authentication. This will be
used for router login. The router has the radius configuration pointing to
the FreeRadius box.
From the logs, the LDAP authorization appears to bind correctly but is
unable to retrieve a clear password for the user account and thus the user
cannot be authenticated with CHAP.
[ldap] No default NMAS login sequence
[ldap] looking for check items in directory...
[ldap] looking for reply items in directory...
WARNING: No "known good" password was found in LDAP. Are you sure that the
user is configured correctly?
I believe the above indicates that no data is received from the LDAP query and
no password is retrieved. I have attached relevant debug log output and config
files.
http://freeradius.1045715.n5.nabble.com/file/n5711532/freeradius_-_x.txt
freeradius_-_x.txt output from running freeradius server in debug mode
http://freeradius.1045715.n5.nabble.com/file/n5711532/router_connection_attempt.txt
router_connection_attempt.txt output from connection attempt for router
http://freeradius.1045715.n5.nabble.com/file/n5711532/default.txt
default.txt /etc/freeradius/sites-available/default
http://freeradius.1045715.n5.nabble.com/file/n5711532/inner-tunnel.txt
inner-tunnel.txt /etc/freeradius/sites-available/inner-tunnel
http://freeradius.1045715.n5.nabble.com/file/n5711532/ldap.txt
ldap.txt /etc/freeradius/modules/ldap
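
Added example (not part of the original post and not FreeRADIUS code): a sketch of the CHAP check from RFC 1994 as carried in the RADIUS CHAP-Password attribute, showing why the server must have the clear-text password to validate the response. The function names and all sample values are hypothetical and constructed for illustration.

```python
import hashlib
import hmac
from typing import Optional

def chap_response(ident: int, secret: bytes, challenge: bytes) -> bytes:
    # RFC 1994: Response = MD5(Identifier || secret || Challenge)
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()

def build_chap_password(ident: int, secret: bytes, challenge: bytes) -> bytes:
    # RADIUS CHAP-Password value (RFC 2865): 1-byte CHAP ident + 16-byte response
    return bytes([ident]) + chap_response(ident, secret, challenge)

def verify_chap(chap_password: bytes, challenge: bytes,
                known_good: Optional[bytes]) -> str:
    # Hypothetical server-side check; known_good is whatever the directory returned.
    if known_good is None:
        return "reject: no known good password"
    if len(chap_password) != 17:
        return "reject: malformed CHAP-Password"
    ident, received = chap_password[0], chap_password[1:]
    # The server can only recompute the response from the clear-text secret.
    expected = chap_response(ident, known_good, challenge)
    if hmac.compare_digest(expected, received):
        return "accept"
    return "reject: response mismatch"

# Constructed sample values, not taken from the attached logs.
PASSWORD = b"Sample-Passw0rd"
CHALLENGE = bytes(range(16))
REQUEST = build_chap_password(0x2A, PASSWORD, CHALLENGE)

def demo() -> dict:
    return {
        "cleartext": verify_chap(REQUEST, CHALLENGE, PASSWORD),
        "nothing returned": verify_chap(REQUEST, CHALLENGE, None),
        # SHA-256 is a stand-in for any one-way stored form of the password.
        "one-way digest": verify_chap(REQUEST, CHALLENGE,
                                      hashlib.sha256(PASSWORD).digest()),
        "wrong password": verify_chap(REQUEST, CHALLENGE, b"guess"),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:18} -> {result}")
```

Only the clear-text case is accepted: a missing value or a one-way digest of the same password gives the server nothing it can feed into the MD5 computation.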