Freeipa and Freeradius integration
Arran Cudbard-Bell
a.cudbardb at freeradius.org
Fri Apr 10 18:15:12 CEST 2015
> On 10 Apr 2015, at 10:08, KL Forwarder <kl.forwarder at gmail.com> wrote:
>
> On Fri, Apr 10, 2015 at 3:27 PM, Arran Cudbard-Bell
> <a.cudbardb at freeradius.org> wrote:
>>
>>> (0) WARNING: ldap : No "reference" password added. Ensure the admin
>>> user has permission to read the password attribute
>>> (0) WARNING: ldap : PAP authentication will *NOT* work with Active
>>> Directory (if that is what you were trying to configure)
>>
>> It's almost like this had happened before :)
>
> I saw that indeed ;).
>
> I now added the admin user in the ldap config file now. It was
> complaining before (wrong dn), but it is starting now. I assume that
> the user I set is correct then ("identity =
> "uid=admin,cn=users,cn=accounts,dc=companyname,dc=local"), with the
> admin password.
Looks reasonable.
> Problem is I still get:
>
> (0) WARNING: ldap : No "reference" password added. Ensure the admin
> user has permission to read the password attribute
> (0) WARNING: ldap : PAP authentication will *NOT* work with Active
> Directory (if that is what you were trying to configure)
>
> How can I test if the password is correct? And are there references I
> can use (maybe a good general "Freeradius-ldap" guide?). Thanks so
You need to check if ldapsearch returns the userPassword attribute when bound with the credentials you configured for FR.
The server is warning you that you had a mapping between an LDAP attribute, and a RADIUS attribute it knows is used to store the users password, but that the mapping was skipped because the LDAP server didn't return a value for that attribute.
-Arran
Arran Cudbard-Bell <a.cudbardb at freeradius.org>
FreeRADIUS development team
FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 872 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20150410/5679703d/attachment.sig>
More information about the Freeradius-Users
mailing list