Check LDAP password with SHA512

Alan DeKok aland at
Wed Jan 27 20:01:50 CET 2016

On Jan 27, 2016, at 1:56 PM, Will W. <will at> wrote:
> There are multiple ldap hosts behind a load balancer, think the ldap genies are doing maintenance, so nice that they do that with out sending out an e-mail or something to do with the following:

  That is not good.  The idea of a database is to be available.  If it's randomly not available due to load balancer issues... that should be fixed.

> output of  radtest demouser testing123 localhost 0 testing123


> (1) ldap : User object found at DN "uid=demouser,ou=Users,dc=myhost,dc=com"
> (1) ldap : Processing user attributes
> (1) WARNING: ldap : No "known good" password added. Ensure the admin user has permission to read the password attribute
> (1) WARNING: ldap : PAP authentication will *NOT* work with Active Directory (if that is what you were trying to configure)

  Again, those messages should be clear.

  Fix LDAP so that it returns results.  Or, have the search done via an administrative user.

  Alan DeKok.

More information about the Freeradius-Users mailing list