aprotector wrote: > I've been trying to get my freeradius server to work with an Netscape LDAP > server and authenticate users when they connect via VPN to our Sonicwall > gateway. I have set the Sonicwall as a client so the radius recognizes it > and then adjusted the radiusd.conf. However, when I try to authenticate an > LDAP user from the sonicwall it will say the authentication failed and the > radius shows the following messages:
And no reference to "ldap". > +- entering group authorize > ++[preprocess] returns ok > ++[chap] returns noop > ++[mschap] returns noop > rlm_realm: No '@' in User-Name = "testuser", looking up realm NULL > rlm_realm: No such realm "NULL" > ++[suffix] returns noop > rlm_eap: No EAP-Message, not doing EAP > ++[eap] returns noop > ++[unix] returns notfound > ++[files] returns noop > ++[expiration] returns noop > ++[logintime] returns noop > rlm_pap: WARNING! No "known good" password found for the user. > Authentication may fail because of this. > ++[pap] returns noop > auth: No authenticate method (Auth-Type) configuration found for the > request: Rejecting the user So... you have a user in LDAP, and you didn't uncomment the references to "ldap" in the "authorize" section. i.e. you have a user in LDAP, and you didn't tell the server to look in the LDAP database. > If I uncomment a local user account on the Radius box and then try > authenticating from the Sonicwall with this it will succeed. It just doesn't > seem to want to go to the LDAP server and then back to the Sonicwall. Has > anyone had any experience with this sort of setup, and might be able to shed > some light on how I can set it up to use LDAP for the authentication? $ grep ldap raddb/* raddb/*/* Read. Edit. Run. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html