Dean, Barry wrote: ... > [ldap] performing search in OU=UOL,DC=adserer,DC=liv,DC=ac,DC=uk, with > filter (sAMAccountName=user) > [ldap] looking for check items in directory... > [ldap] looking for reply items in directory... > WARNING: No "known good" password was found in LDAP. Are you sure that the > user is configured correctly?
I mean, really... what's the issue? ... > [pap] WARNING! No "known good" password found for the user. Authentication > may fail because of this. That should be a hint. Paste the debugging output into the form at: > ++[pap] returns noop > No authenticate method (Auth-Type) configuration found for the request: > Rejecting the user > Failed to authenticate the user. > Login incorrect: [user] (from client EZProxy port 0) > } # server radius > Using Post-Auth-Type Reject > +- entering group REJECT {...} > [attr_filter.access_reject] expand: %{User-Name} -> user > attr_filter: Matched entry DEFAULT at line 11 > ++[attr_filter.access_reject] returns updated > Delaying reject of request 0 for 1 seconds > Going to the next request > Waking up in 0.9 seconds. > rad_recv: Access-Request packet from host 192.168.0.10 port 63775, id=111, > length=49 > Waiting to send Access-Reject to client EZProxy port 63775 - ID: 111 > Sending delayed reject for request 0 > Sending Access-Reject of id 111 to 192.168.0.10 port 63775 > Waking up in 4.9 seconds. > Cleaning up request 0 ID 111 with timestamp +32 > >>> I presume: >>> >>> if (!EAP-Message) { >>> ldap >>> } >>> >>> Fails to set Auth-Type LDAP? >> Yes. It *shouldn't*, either. That was a mistake from 1.x. > > I have seen the dire warnings about "Don't set Auth-Type = LDAP" so I > have not ventured there as I am sure there are dragons. > > ---------------------- > Barry Dean > Principal Programmer/Analyst > Networks Group > Computing Services Department > Tel: 0151 795 9540 > > > > ------------------------------------------------------------------------ > > > ------------------------------------------------------------------------ > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html