LDAP auth
Jon Jenkins
jon.jenkins at convergecfd.com
Tue Jun 17 22:20:03 CEST 2014
Ok, I will work with what you provided - thank you.
Could you please let me know why the following conflicting message shows
up after the No "known good" message?
Tue Jun 17 11:53:43 2014 : Info: [ldap] user jjenkins authorized to use
remote access
Tue Jun 17 11:53:43 2014 : Debug: [ldap] ldap_release_conn: Release Id: 0
Tue Jun 17 11:53:43 2014 : Info: ++[ldap] returns ok
On 06/17/2014 01:41 PM, Phil Mayers wrote:
> On 17/06/2014 18:01, Jon Jenkins wrote:
>
>> Tue Jun 17 11:53:43 2014 : Debug: WARNING: No "known good" password was
>> found in LDAP. Are you sure that the user is configured correctly?
>
> This is the relevant line.
>
> FreeRADIUS is built around using LDAP as a database; you store the
> passwords there, and FreeRADIUS does the auth. Here, it can't find a
> password, so it can't auth.
>
> Also since you're doing peap, you also are probably doing mschap
> inside the tunnel, and there's no "mschap" module in your inner-tunnel
> any more. Suggest you revert to the default config and start by making
> small changes.
>
> Finally, if your LDAP directory doesn't contain passwords and can only
> be used as an "oracle", then it can't be used for peap/mschap. See:
>
> http://deployingradius.com/documents/protocols/oracles.html
>
> ...and
>
> http://deployingradius.com/documents/protocols/compatibility.html