Freeipa and Freeradius integration

Arran Cudbard-Bell a.cudbardb at freeradius.org
Fri Apr 10 18:15:12 CEST 2015


> On 10 Apr 2015, at 10:08, KL Forwarder <kl.forwarder at gmail.com> wrote:
> 
> On Fri, Apr 10, 2015 at 3:27 PM, Arran Cudbard-Bell
> <a.cudbardb at freeradius.org> wrote:
>> 
>>> (0) WARNING: ldap : No "reference" password added. Ensure the admin
>>> user has permission to read the password attribute
>>> (0) WARNING: ldap : PAP authentication will *NOT* work with Active
>>> Directory (if that is what you were trying to configure)
>> 
>> It's almost like this had happened before :)
> 
> I saw that indeed ;).
> 
> I now added the admin user in the ldap config file now. It was
> complaining before (wrong dn), but it is starting now. I assume that
> the user I set is correct then ("identity =
> "uid=admin,cn=users,cn=accounts,dc=companyname,dc=local"), with the
> admin password.

Looks reasonable.

> Problem is I still get:
> 
> (0) WARNING: ldap : No "reference" password added. Ensure the admin
> user has permission to read the password attribute
> (0) WARNING: ldap : PAP authentication will *NOT* work with Active
> Directory (if that is what you were trying to configure)
> 
> How can I test if the password is correct? And are there references I
> can use (maybe a good general "Freeradius-ldap" guide?). Thanks so

You need to check if ldapsearch returns the userPassword attribute when bound with the credentials you configured for FR.

The server is warning you that you had a mapping between an LDAP attribute, and a RADIUS attribute it knows is used to store the users password, but that the mapping was skipped because the LDAP server didn't return a value for that attribute.

-Arran


Arran Cudbard-Bell <a.cudbardb at freeradius.org>
FreeRADIUS development team

FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 872 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20150410/5679703d/attachment.sig>


More information about the Freeradius-Users mailing list