LDAP auth

Phil Mayers p.mayers at imperial.ac.uk
Tue Jun 17 20:41:27 CEST 2014

On 17/06/2014 18:01, Jon Jenkins wrote:

> Tue Jun 17 11:53:43 2014 : Debug: WARNING: No "known good" password was
> found in LDAP.  Are you sure that the user is configured correctly?

This is the relevant line.

FreeRADIUS is built around using LDAP as a database; you store the 
passwords there, and FreeRADIUS does the auth. Here, it can't find a 
password, so it can't auth.

Also aince you're doing peap, you also are probably doing mschap inside 
the tunnel, and there's no "mschap" module in your inner-tunnel any 
more. Suggest you revert to the default config and start by making small 

Finally, if your LDAP directory doesn't contain passwords and can only 
be used as an "oracle", then it can't be used for peap/mschap. See:




More information about the Freeradius-Users mailing list