freeradius ldap auth "sort of" working ?

Arran Cudbard-Bell a.cudbardb at
Mon Jul 1 13:42:51 CEST 2013

On 1 Jul 2013, at 12:27, Horatiu Nimigean <horatiu.nimigean at> wrote:

> Greetings.
> I have a problem with freeradius using ldap to auth, here are my system specs:
> Centos 6 64bit
> freeradius installed from repo
>> rpm -qa | grep -i freeradius
>> freeradius-ldap-2.1.12-4.el6_3.x86_64
>> freeradius-2.1.12-4.el6_3.x86_64
>> freeradius-utils-2.1.12-4.el6_3.x86_64
> LDAP is already up and running, on localhost. Everything is local btw; there are no remote services, and LDAP is (test environment) accepting unsecured connections.
>> rpm -qa | grep -i openld
>> openldap-devel-2.4.23-32.el6_4.1.x86_64
>> openldap-clients-2.4.23-32.el6_4.1.x86_64
>> openldap-servers-2.4.23-32.el6_4.1.x86_64
>> openldap-2.4.23-32.el6_4.1.x86_64
> radtest fails
>> radtest testuser_1 "letmein_1" localhost 2 testing123
>> Sending Access-Request of id 214 to port 1812
>>        User-Name = "testuser_1"
>>        User-Password = "letmein_1"
>>        NAS-IP-Address =
>>        NAS-Port = 2
>>        Message-Authenticator = 0x00000000000000000000000000000000
>> rad_recv: Access-Reject packet from host port 1812, id=214, length=20
> and this is the output from radius (ran as radiusd -X)
> I don't understand. It auths but then it doesn't. The final result is not successful.
> Thanks in advance,


Your admin user managed to bind and retrieve credentials for your user; your user bind never succeeded.

Seeing as you have access to the crypt hash of the user's password you should use PAP to do authentication.

Set "set_auth_type = no" in modules/ldap, and make sure 'pap' is listed in authorize.

If the password you're using in radtest is correct, this will work. If it isn't then authentication will continue to fail.


Arran Cudbard-Bell <a.cudbardb at>
FreeRADIUS Development Team
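
The two changes from the reply above, shown in place in the configuration files. This is an added example, not part of the original post; the /etc/raddb paths and the modules listed around ldap and pap assume the stock FreeRADIUS 2.x layout.

```conf
# Added example; paths assume the stock FreeRADIUS 2.x layout under /etc/raddb.

# --- /etc/raddb/modules/ldap ---
ldap {
	# server, identity, password, basedn and filter stay as already configured.

	# With the default "yes" the module sets Auth-Type = LDAP, so the
	# authenticate stage tries to bind to the directory as the user.
	# With "no" the module only looks the user up, retrieves the stored
	# password hash, and leaves Auth-Type for another module to set.
	set_auth_type = no
}

# --- /etc/raddb/sites-enabled/default ---
authorize {
	preprocess

	# ldap runs first: it binds as the admin identity, finds the user
	# and adds the stored password hash to the control list.
	ldap

	# pap runs after ldap: it finds the known-good password and,
	# because Auth-Type is still unset, sets Auth-Type := PAP.
	# If ldap had already set Auth-Type, pap would leave it alone.
	pap
}

authenticate {
	# Checks the User-Password from the Access-Request against the
	# hash that ldap retrieved during authorize.
	Auth-Type PAP {
		pap
	}
}
```

After restarting with radiusd -X, the debug output shows which Auth-Type was selected for the request.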
