Freeradius + LDAP - WARNING: No "known good" password was found in LDAP

Kermes - - kermes at gmx.es
Tue Dec 22 15:03:52 CET 2015


   Hi Anirudh,

   that was exactly my problem, the authenticate section!

   Thanks a lot!
   BR

   Sent: Tuesday, December 22, 2015 at 12:40
   From: "Anirudh Malhotra" <amalhotra.sp-dl at nkn.in>
   To: "FreeRadius users mailing list"
   <freeradius-users at lists.freeradius.org>
   Subject: Re: Freeradius + LDAP - WARNING: No "known good" password was
   found in LDAP

   Hi,
   Your LDAP is returning ok
   So the only problem is
   unhash
   Auth-Type LDAP {
       ldap
   }
   from authenticate section and check.
   BR,
   Anirudh Malhotra
   On Monday 21 December 2015 07:30 PM, Alan DeKok wrote:
   > On Dec 21, 2015, at 3:38 AM, Kermes - - <kermes at gmx.es> wrote:
   >> I need some help with my freeradius + LDAP configuration, I'm stuck
   >> with a "WARNING: No "known good" password was found in LDAP" message,
   >> and I don't know how to continue with the debugging of this problem.
   > The user isn't found in LDAP. The debug output shows that, including
   > the LDAP query.
   >
   >> First, versions:
   >> freeradius-ldap-2.2.6-6.el6_7.x86_64
   >> freeradius-2.2.6-6.el6_7.x86_64
   >>
   >> This is the output from "radiusd -X":
   > The debug output is from "radiusd -Xx", which adds timestamps... and
   > makes the output more difficult to read. Please use just "radiusd -X".
   >> Mon Dec 21 08:14:30 2015 : Debug: [ldap] performing search in
   >> ou=users,cn=secdb,cn=data,ou=ALL,ou=infra,dc=infra,dc=local with filter
   >> (uid=test)
   >> Mon Dec 21 08:14:30 2015 : Info: [ldap] looking for check items in
   >> directory...
   >> Mon Dec 21 08:14:30 2015 : Info: [ldap] looking for reply items in
   >> directory...
   > And nothing was found.
   >
   > What happens when you use that LDAP search string in an LDAP client
   > utility?
   >
   > Test it with an LDAP client. Once you get the search string correct,
   > fix the FreeRADIUS query to use the correct search string.
   >
   >> basedn =
   >> "ou=users,cn=secdb,cn=data,ou=ALL,ou=infra,dc=infra,dc=local"
   >> filter = "(uid=%{%{Stripped-User-Name}:-%{User-Name}})"
   > One or both of those is wrong for your LDAP system.
   >
   > I don't know what the *right* query is, because I don't know how your
   > LDAP system is set up.
   >
   > Alan DeKok.
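The check suggested in the thread (run the same search string with an LDAP client), as an added example that is not part of the original messages: it builds the filter with the same Stripped-User-Name to User-Name fallback as the posted `filter` line, runs OpenLDAP's `ldapsearch` against the posted basedn, and reports how many entries came back. `LDAP_URI`, `BIND_DN` and the function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the thread). LDAP_URI and BIND_DN are placeholder
# assumptions; BASEDN is the value posted in the thread.
LDAP_URI=${LDAP_URI:-ldap://ldap.example.org}
BIND_DN=${BIND_DN:-cn=radius,dc=example,dc=org}
BASEDN='ou=users,cn=secdb,cn=data,ou=ALL,ou=infra,dc=infra,dc=local'

# RFC 4515 escaping for a value placed inside a search filter. Backslash goes
# first so the escapes added afterwards are not escaped again.
ldap_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' \
                           -e 's/(/\\28/g' -e 's/)/\\29/g'
}

# Same fallback as filter = "(uid=%{%{Stripped-User-Name}:-%{User-Name}})":
# $1 = Stripped-User-Name (may be empty), $2 = User-Name.
build_filter() {
    printf '(uid=%s)' "$(ldap_escape "${1:-$2}")"
}

# Count the entries in LDIF read from stdin ("dn:" or base64 "dn::" lines).
count_entries() {
    grep -c '^dn::\{0,1\} ' || true
}

# Turn the entry count into a diagnosis.
verdict() {
    case $1 in
        0) echo "no entry: basedn or filter is wrong for this directory" ;;
        1) echo "one entry: the search string is correct" ;;
        *) echo "$1 entries: the filter is ambiguous" ;;
    esac
}

# Run the real search; -W prompts for the bind password.
# Usage: check_user "" test
check_user() {
    filter=$(build_filter "$1" "$2")
    echo "searching $BASEDN with filter $filter"
    out=$(ldapsearch -x -LLL -H "$LDAP_URI" -D "$BIND_DN" -W \
              -b "$BASEDN" "$filter" dn) || {
        echo "ldapsearch failed: check the URI, the bind DN and that the base DN exists"
        return 1
    }
    verdict "$(printf '%s\n' "$out" | count_entries)"
}
```

Source the file and call `check_user "" test` to repeat the `(uid=test)` search from the debug output.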