LDAP auth
Phil Mayers
p.mayers at imperial.ac.uk
Tue Jun 17 20:41:27 CEST 2014
On 17/06/2014 18:01, Jon Jenkins wrote:
> Tue Jun 17 11:53:43 2014 : Debug: WARNING: No "known good" password was
> found in LDAP. Are you sure that the user is configured correctly?
This is the relevant line.
FreeRADIUS is built around using LDAP as a database; you store the
passwords there, and FreeRADIUS does the auth. Here, it can't find a
password, so it can't auth.
Also aince you're doing peap, you also are probably doing mschap inside
the tunnel, and there's no "mschap" module in your inner-tunnel any
more. Suggest you revert to the default config and start by making small
changes.
Finally, if your LDAP directory doesn't contain passwords and can only
be used as an "oracle", then it can't be used for peap/mschap. See:
http://deployingradius.com/documents/protocols/oracles.html
...and
http://deployingradius.com/documents/protocols/compatibility.html
More information about the Freeradius-Users
mailing list