Tomasz Zieleniewski wrote: > Still something is wrong. > > I have the following authorize section: ...
In which the default configuration has been massively changed. I'm not sure where else to document this: If you are not clear on how the server works, then DO NOT CHANGE THE DEFAULT CONFIGURATION. If the configuration you've created doesn't work, then it's clear that there's something missing. In that case, follow the instructions in the "man" page for how to create a working configuration. ... > Thu Jan 24 09:40:35 2008 : Debug: ++[ldap] returns ok > Thu Jan 24 09:40:35 2008 : Debug: auth: type Local Something in your local changes has set "Auth-Type := Local". Can you please explain WHY you're doing that, WHERE you found documentation saying that it was a good idea, and WHAT you think it's doing? The documentation that comes with 2.0 tries very hard to explain that setting "Auth-Type" is almost always wrong. Is there somewhere else we need to document this? In addition, you're mapping a hashed password to a clear-text password: > Thu Jan 24 09:40:35 2008 : Debug: rlm_ldap: LDAP attribute userPassword as RADIUS attribute Cleartext-Password == "{MD5}SNNMxdM+Zfvr//0yEp0DuA==" Again, this is NOT in the default configuration, and WILL NOT WORK. Start off with the default configuration. Configure the "ldap" module, and un-comment it from the "authorize" section. Your tests SHOULD work. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html