Freeradius + LDAP - WARNING: No "known good" password was found in LDAP
Anirudh Malhotra
amalhotra.sp-dl at nkn.in
Tue Dec 22 12:40:31 CET 2015
Hi,
Your LDAP is returning ok
So the only problem is
unhash
    Auth-Type LDAP {
        ldap
    }
from authenticate section and check.
BR,
Anirudh Malhotra
On Monday 21 December 2015 07:30 PM, Alan DeKok wrote:
> On Dec 21, 2015, at 3:38 AM, Kermes - - <kermes at gmx.es> wrote:
>> I need some help with my freeradius + LDAP configuration, I'm stuck
>> with a "WARNING: No "known good" password was found in LDAP" message,
>> and I don't know how to continue with the debugging of this problem.
> The user isn't found in LDAP. The debug output shows that, including the LDAP query.
>
>> First, versions:
>> freeradius-ldap-2.2.6-6.el6_7.x86_64
>> freeradius-2.2.6-6.el6_7.x86_64
>>
>> This is the output from "radiusd -X":
> The debug output is from "radiusd -Xx", which adds timestamps... and makes the output more difficult to read. Please use just "radiusd -X".
>> Mon Dec 21 08:14:30 2015 : Debug: [ldap] performing search in
>> ou=users,cn=secdb,cn=data,ou=ALL,ou=infra,dc=infra,dc=local with filter
>> (uid=test)
>> Mon Dec 21 08:14:30 2015 : Info: [ldap] looking for check items in
>> directory...
>> Mon Dec 21 08:14:30 2015 : Info: [ldap] looking for reply items in
>> directory...
> And nothing was found.
>
> What happens when you use that LDAP search string in an LDAP client utility?
>
> Test it with an LDAP client. Once you get the search string correct, fix the FreeRADIUS query to use the correct search string.
>
>> basedn =
>> "ou=users,cn=secdb,cn=data,ou=ALL,ou=infra,dc=infra,dc=local"
>> filter = "(uid=%{%{Stripped-User-Name}:-%{User-Name}})"
> One or both of those is wrong for your LDAP system.
>
> I don't know what the *right* query is, because I don't know how your LDAP system is set up.
>
> Alan DeKok.
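The check suggested in the thread (run the same search with an LDAP client), as an added example that is not part of the original messages: this script rebuilds the filter from the posted `filter` template and prints an `ldapsearch` command for the posted `basedn`. The function names, the `LDAP_URI` and `BIND_DN` placeholders, and the RFC 4515 escaping step are assumptions added here, not taken from the poster's configuration.

```shell
#!/bin/sh
# Added example: rebuild the search shown in the debug output so it can be
# run by hand with an LDAP client.

# Base DN exactly as posted in the ldap module configuration.
BASEDN='ou=users,cn=secdb,cn=data,ou=ALL,ou=infra,dc=infra,dc=local'

# Escape RFC 4515 filter metacharacters so the user name is matched literally
# (added precaution; backslash must be escaped first).
ldap_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' \
                           -e 's/(/\\28/g' -e 's/)/\\29/g'
}

# Mirror filter = "(uid=%{%{Stripped-User-Name}:-%{User-Name}})":
# use Stripped-User-Name ($2) when set, otherwise fall back to User-Name ($1).
radius_filter() {
    user_name=$1
    stripped=${2:-}
    printf '(uid=%s)' "$(ldap_escape "${stripped:-$user_name}")"
}

# Print the ldapsearch command for review. LDAP_URI and BIND_DN are
# placeholders (assumptions); set them to the values from your ldap module.
ldapsearch_cmd() {
    printf "ldapsearch -x -H '%s' -D '%s' -W -b '%s' '%s'\n" \
        "${LDAP_URI:-ldap://ldap.example.org}" \
        "${BIND_DN:-cn=radius,dc=example,dc=org}" \
        "$BASEDN" "$(radius_filter "$@")"
}

# The user from the debug output: User-Name "test", no Stripped-User-Name.
ldapsearch_cmd test
```

If the printed command returns no entry, the base DN or the `uid` attribute in the filter does not match the directory layout, which is the case described in the reply above.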