Hi,

> I should have tried that mapping.
>
> HOWEVER
>
> It still doesn't work.
> I can perform radtest queries username/LDAPpassword, and I get the accept
> response.
> If I use the query with username/remotepassword, I get rejected.

Okay, I can't verify what I propose now, so I might be wrong, but: ldap is usually called twice: during authorize and authenticate. authorize is the section that pulls attributes out of LDAP using ldap.attrmap and is the one you need. In authenticate, it tries a bind with the user's name and password. This is NOT what you want, because the bind will fail. You could try to _comment out_ the following lines from your authenticate section

    Auth-Type LDAP {
        ldap
    }

so that the bind isn't attempted. Not sure if that's enough though, since the ldap in authorize will set Auth-Type to LDAP by itself... But if it doesn't, someone else would need to jump in, that's beyond my experience. Maybe it's necessary to set Auth-Type to PAP in the users file manually then.

Greetings,

Stefan Winter

--
Stefan WINTER
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche - Ingénieur de recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg