Hello all, I am having trouble getting radius to work with ldap. I think I have the config file setup corretly because I see ldap requests in the debug.
I want to use pap and {crypt} for password encryption and accourding to the docs that should work. But I can't seem to get it working in my lab. Can anyone provide a sample ldif file that I could look at? I would prefer for radius to bind as the user to get the attributes and authenticate. It seems that this should work if I disable the identity option in the ldap module. Anyway, here are some details if they help: freeradius 0.4/openldap 2.0.21 Here is how I am starting radius: radiusd -f -X -y Here is how I am testing radius: radtest test test localhost 10 testing123 Here is some debug output: rad_recv: Access-Request packet from host 127.0.0.1:32773, id=68, length=54 User-Name = "test" Password = "y\255\347#\010Q]\346\264\262W\241\377\010\266\250" NAS-IP-Address = 255.255.255.255 NAS-Port-Id = "10" modcall: entering group authorize modcall[authorize]: module "preprocess" returns ok modcall[authorize]: module "suffix" returns ok users: Matched DEFAULT at 144 modcall[authorize]: module "files" returns ok rlm_ldap: - authorize rlm_ldap: performing user authorization for test radius_xlat: '(uid=test)' radius_xlat: 'dc=aptalaska,dc=net' rlm_ldap: attempting LDAP reconnection rlm_ldap: (re)connect to localhost:389, authentication 0 rlm_ldap: bind as cn=Manager,dc=aptalaska,dc=net/secret rlm_ldap: waiting for bind result ... rlm_ldap: performing search in dc=aptalaska,dc=net, with filter (uid=test) rlm_ldap: Added password GcuFt8zIt0v7E in check items rlm_ldap: looking for check items in directory... rlm_ldap: looking for reply items in directory... rlm_ldap: user test authorized to use remote access modcall[authorize]: module "ldap" returns ok modcall: group authorize returns ok rad_check_password: Found Auth-Type System auth: type "System" auth: Failed to validate the user. Sending Access-Reject of id 68 to 127.0.0.1:32773 Finished request 0 Thanks, schu - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html