On Fri, 30 May 2003 [EMAIL PROTECTED] wrote: > Always an Access-Reject when I use sn as userPassword > > Another Idea ? or a correction ? > > Philippe > > rad_recv: Access-Request packet from host 192.168.2.92:1570, id=4, > length=48 > User-Name = "philippe" > User-Password = "philippe" > rlm_ldap: checking if remote access for philippe is allowed by sn > rlm_ldap: Added password philippe in check items
^^^^^^^^^^^^^^^^^^^^^ That's good > rlm_ldap: looking for check items in directory... > rlm_ldap: looking for reply items in directory... > Invalid operator for item User-Password: reverting to '==' > rlm_ldap: user philippe authorized to use remote access > rad_check_password: Found Auth-Type USERS > auth: type "USERS" > modcall: entering group authtype > rlm_ldap: - authenticate > rlm_ldap: login attempt by "philippe" with password "philippe" > rlm_ldap: user DN: uid=philippe,ou=Users,dc=e-qual,dc=fr > rlm_ldap: (re)connect to 192.168.1.53:389, authentication 1 > rlm_ldap: bind as uid=philippe,ou=Users,dc=e-qual,dc=fr/philippe to > 192.168.1.53:389 > rlm_ldap: waiting for bind result ... > rlm_ldap: uid=philippe,ou=Users,dc=e-qual,dc=fr bind to 192.168.1.53:389 > failed Insufficient access > rlm_ldap: ldap_connect() failed > modcall[authenticate]: module "ldap1" returns fail > modcall: group authtype returns fail > auth: Failed to validate the user. > Login incorrect: [philippe/philippe] (from client testing port 0) OK, so you configured your server to do ldap authentication (ldap bind operation). That way, your extracted user password will *never* be used. Configure it to do authentication using the pap module and it will work just fine. -- Kostas Kalevras Network Operations Center [EMAIL PROTECTED] National Technical University of Athens, Greece Work Phone: +30 210 7721861 'Go back to the shadow' Gandalf - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html