>And I get: > > ++[eap] returns ok >+- entering group post-auth {...} >++[exec] returns noop >++? if (control:Tmp-String-0 == "ldap-student") > (Attribute control:Tmp-String-0 was not found) >Sending Access-Accept of id 129 to 10.127.240.217 port 1645 > >Towards the beginning of the debug output is: > >rlm_ldap: Bind was successful >rlm_ldap: performing search in ou=students, dc=ad, dc=hud, dc=ac, dc=uk, with >filter (sAMAccountName=cmsxleig) >[ldap_student] looking for check items in directory... >[ldap_student] looking for reply items in directory... >WARNING: No "known good" password was found in LDAP. Are you sure that the >user is configured correctly? >[ldap_student] user cmsxleig authorized to use remote access >rlm_ldap: ldap_release_conn: Release Id: 0 >+++[ldap_student] returns ok >+++? if (ok) >? Evaluating (ok) -> TRUE >+++? if (ok) -> TRUE >+++- entering if (ok) {...} >++++[control] returns ok >+++- if (ok) returns ok >+++ ... skipping else for request 0: Preceding "if" was taken >++- else else returns ok >++[expiration] returns noop >++[logintime] returns noop >
Can you post the whole debug, not just snipetts. Are these from the same or from different requests in the exchange? Perhaps you need use_tunneled_reply rather than this. Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html