Description of situation first, freeradius question at the end: I am doing plain user/pass authentication against an LDAP server using ldapsearch:
$ ldapsearch -H ldap://XXXXXXXX -b 'o=XXXXXXXXXXXXX,c=us' -D 'uid=XXXXX,o=XXXXXXXXXXXXXX,c=us' -x -W uid=XXXXX Enter LDAP Password: [snip] result: 0 Success [snip] The packet trace looks like this: #################################################### No. Time Source Destination Protocol Info 4 0.001468 somecomputer.somedomain.com someserver.somedomain.com LDAP MsgId=1 Bind Request, DN=uid=XXXXX,o=YYYYYYYYYY,c=us Frame 4 (123 bytes on wire, 123 bytes captured) Internet Protocol, Src Addr: somecomputer.somedomain.com (XXX.YYY.ZZZ.38), Dst Addr: someserver.somedomain.com (AAA.BBB.CCC.18) Lightweight Directory Access Protocol LDAP Message, Bind Request Message Id: 1 Message Type: Bind Request (0x00) Message Length: 50 Response In: 6 Version: 3 DN: uid=XXXXX,o=YYYYYYYYYY,c=us Auth Type: Simple (0x00) Password: 1234567890 No. Time Source Destination Protocol Info 6 0.067801 someserver.somedomain.com somecomputer.somedomain.com LDAP MsgId=1 Bind Result Frame 6 (96 bytes on wire, 96 bytes captured) Internet Protocol, Src Addr: someserver.somedomain.com (AAA.BBB.CCC.18), Dst Addr: somecomputer.somedomain.com (XXX.YYY.ZZZ.38) Lightweight Directory Access Protocol LDAP Message, Bind Result Message Id: 1 Message Type: Bind Result (0x01) Message Length: 23 Response To: 4 Time: 0.066333000 seconds Result Code: success (0x00) Matched DN: (null) Error Message: +0gg4KMBV5FZkjyC #################################################### I don't really care about any information that's returned, I only want to authenticate against LDAP. Can I configure freeradius to do the same? I tried a few configurations in radiusd.conf but everything seems to trigger a behaviour that's different from ldapsearch. LDAP is currently used to authenticate various things, and I'd like to point a Radius server to it to use the same user passwords. -- Florin Andrei http://florin.myip.org/ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html