William Segura wrote: > I am trying to setup Freeradius to authenticate against an active > directory server.
Only "bind as user" will work, and even then not always. > Here are the relevant files: Please do not post configuration files to the list. > Radius Log: ... > rad_recv: Access-Request packet from host 127.0.0.1:35655, id=159, > length=58 > User-Name = "user1" > User-Password = "\204\016V\332\226\325\007\347\254Hm\262}B\321M" Your shared secret is wrong. Fix it. > modcall[authorize]: module "preprocess" returns ok for request 0 > rlm_pap: WARNING! No "known good" password found for the user. > Authentication may fail because of this. > modcall[authorize]: module "pap" returns noop for request 0 You have re-ordered the modules in the "authorize" section. Why? Do you understand what the PAP module does? > rlm_ldap: Bind failed with invalid credentials Because the password was wrong. The password *should* be visible in debugging mode. It should NOT be binary garbage. > auth: Failed to validate the user. > WARNING: Unprintable characters in the password. ? Double-check the > shared secret on the server and the NAS! Perhaps this message might be useful. Did you read it? Did you follow it's instructions? Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html