On Aug 18, 2008, at 10:41 AM, Alan DeKok wrote:

 In the LDAP module?  That configuration is deprecated, and isn't even
documented in 2.0.5.

Ok, I've removed that configuration bit.

 What is the output of debugging mode?

rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to ldap:389, authentication 0
rlm_ldap: bind as uid=CRYPTOCARD,dc=somedomain,dc=com/somepassword to ldap:389
rlm_ldap: waiting for bind result ...
rlm_ldap: Bind was successful
rlm_ldap: performing search in dc=somedomain,dc=com, with filter (uid=test)
rlm_ldap: Added User-Password = {SSHA}aZj99e5gRcpUEv26zXq7VvTa2apMdKBY44sVyg== in check items
rlm_ldap: No default NMAS login sequence
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user test authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
++++[people] returns ok
+++- elsif (group-Ldap-Group == "cn=mgmtro,ou=groups,dc=somedomain,dc=com") returns ok
+++ ... skipping elsif for request 0: Preceding "if" was taken
++- elsif (group-Ldap-Group == "cn=nocryptocard,ou=groups,dc=somedomain,dc=com") returns ok
++ ... skipping else for request 0: Preceding "if" was taken
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!    Replacing User-Password in config items with Cleartext-Password.     !!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!! Please update your configuration so that the "known good"               !!!
!!! clear text password is in Cleartext-Password, and not in User-Password. !!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
auth: type Local
auth: user supplied User-Password does NOT match local User-Password
auth: Failed to validate the user.

Hopefully this helps.

--phil