[prev in list] [next in list] [prev in thread] [next in thread] 

List:       freeradius-users
Subject:    Re: problem with LDAP backend
From:       Alan DeKok <aland () deployingradius ! com>
Date:       2011-08-31 16:30:45
Message-ID: 4E5E61B5.2000601 () deployingradius ! com
[Download RAW message or body]

Frank Bonnet wrote:
> MAC addresses for some video devices in the "users" file
> as follows :
> 
> 00-06-F4-0D-08-66       Auth-Type := Local, User-Password == "xxxxxxxx"

  That's wrong.  See the debug output for reasons why.  See the FAQ for
correct examples.

> LDAP backend for "real" users at the end of the "users" file I have this
> statement
> 
> DEFAULT    Auth-Type = LDAP
>     Fall-Through = 1

  That's not needed.

> Wed Aug 31 16:52:39 2011 : Auth: rlm_ldap: Attribute "User-Password" is
> required for authentication. Cannot use "CHAP-Password".

  That's pretty clear.  The NAS is sending a CHAP request.  You can't do
that with "Auth-Type LDAP"

  Instead, list "ldap" in the "authorize" section.

  Don't set Auth-Type.  It's almost always wrong.

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
[prev in list] [next in list] [prev in thread] [next in thread]