Hi list,
I was trying to deploy FreeRADIUS + OpenLDAP, and got warnings like this:
(0) ldap : Processing user attributes
(0) WARNING: ldap : No "known good" password added. Ensure the admin user has permission to read the password attribute
(0) WARNING: ldap : PAP authentication will *NOT* work with Active Directory (if that is what you were trying to configure)
rlm_ldap (ldap): Released connection (4)
(0) [ldap] = ok
(0) [expiration] = noop
(0) [logintime] = noop
(0) WARNING: pap : No "known good" password found for the user. Not setting Auth-Type
(0) WARNING: pap : Authentication will fail unless a "known good" password is available
(0) [pap] = noop
(0) } # authorize = ok
(0) ERROR: No Auth-Type found: rejecting the user via Post-Auth-Type = Reject
The LDAP account I added to the RADIUS configuration file was not the LDAP Manager account,
but when I change the account to the LDAP Manager user, the warning is not shown again, and the authentication challenge passes.
How can I authorize a normal LDAP account to read the userPassword attribute, so that I can add that account to the systems which need LDAP?
openldap-technical@openldap.org
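
The warning in the log above asks that the bind account be able to read the password attribute. As an added example that is not part of the original post: an OpenLDAP cn=config ACL that grants read on userPassword to one dedicated service account instead of binding as the Manager. The database DN (olcDatabase={1}mdb), the service account DN and the suffix dc=example,dc=com are assumptions; substitute the values from your own directory.

```ldif
# Constructed example: the database index, backend and all DNs are assumptions.
# Apply as the config administrator, for instance:
#   ldapmodify -Y EXTERNAL -H ldapi:/// -f radius-acl.ldif
#
# ACLs are evaluated in order and the first matching "to" clause wins,
# so the rule is inserted at position {0}, ahead of any broader rule.
dn: olcDatabase={1}mdb,cn=config
changetype: modify
add: olcAccess
olcAccess: {0}to attrs=userPassword
  by self write
  by anonymous auth
  by dn.exact="cn=radius,ou=services,dc=example,dc=com" read
  by * none
```

After applying it, bind as the service account with ldapsearch and request userPassword on a test entry to confirm the attribute is returned. Only accounts that really need the stored password value should be listed with read; systems that authenticate by binding as the user need only the "by anonymous auth" clause.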