>> >> Freeradius and eDirectory work like a charm when I use it for Cisco-VPN
>> >> authentication.
>> >
>> > Which is likely PAP (i.e. clear-text password).
>> >
>> >
>> >> rlm_ldap: Error reading Universal Password.Return Code = -1635
>> >
>> > Go fix that.
>> >
>> > eDirectory isn't returning the password. Therefore, FreeRADIUS
>> > doesn't have it, and cannot authenticate anyone.
>>
>> Turn on universal password and allow user to retrieve password in your
>> universal password policy.
>> Then reset their password using imanager or via ldap and try again.
>>
> the strange thing is that I've never used anything else than universal
> password and my universal password policy does allow the user to read
> the password.

There is a link to the document explaining how to set this up in ldap module. Have you read that?

> I get the same error with the working Cisco-VPN configuration, see the
> debug output:
>

Yes, but ...

> Ready to process requests.
> rad_recv: Access-Request packet from host 10.99.4.1:1025, id=161,
> length=142
>         User-Name = "dfuernsin"
>         User-Password = "xxxxxx"
>         NAS-Port = 172
>         Service-Type = Framed-User
>         Framed-Protocol = PPP
>         Called-Station-Id = "10.99.4.1"
>         Calling-Station-Id = "10.3.4.97"
>         NAS-Port-Type = Virtual
>         Tunnel-Client-Endpoint:0 = "10.3.4.97"
>         NAS-IP-Address = 10.99.4.1
>         Cisco-AVPair = "ip:source-ip=10.3.4.97"

It's a PAP request.

...

> rlm_ldap: bind as cn=dfuernsin,ou=ITS,ou=People,o=TGM/xxxxxx to
> localhost:389
> rlm_ldap: waiting for bind result ...
> rlm_ldap: Bind was successful
> rlm_ldap: user dfuernsin authenticated succesfully

...

And you are doing "bind as user" authentication.

> I guess that cannot be the problem then...

Yes, it can.

Ivan Kalik
Kalik Informatika ISP

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
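The point made in this reply, as an added example that is not part of the original message: a PAP request that succeeds through "bind as user" never needs the stored password, so the Universal Password read error can go unnoticed in a working configuration. The script below classifies FreeRADIUS debug output on that basis; the sample is constructed from the lines quoted above, and the function names and verdict labels are assumptions.

```python
import re

# Constructed sample, assembled from the debug lines quoted in the thread.
SAMPLE_DEBUG = """\
rad_recv: Access-Request packet from host 10.99.4.1:1025, id=161, length=142
        User-Name = "dfuernsin"
        User-Password = "xxxxxx"
rlm_ldap: Error reading Universal Password.Return Code = -1635
rlm_ldap: bind as cn=dfuernsin,ou=ITS,ou=People,o=TGM/xxxxxx to localhost:389
rlm_ldap: Bind was successful
rlm_ldap: user dfuernsin authenticated succesfully
"""

REQUEST = re.compile(r"rad_recv: Access-Request packet from host (\S+), id=(\d+)")
UP_ERROR = re.compile(r"Error reading Universal Password\.\s*Return Code = (-?\d+)")

def split_requests(text):
    """Group debug lines under the rad_recv header that precedes them."""
    requests = []
    for line in text.splitlines():
        m = REQUEST.search(line)
        if m:
            requests.append({"src": m.group(1), "id": int(m.group(2)), "lines": []})
        elif requests:
            requests[-1]["lines"].append(line.strip())
    return requests

def diagnose(req):
    """Say whether a Universal Password read failure is hidden by bind-as-user."""
    lines = req["lines"]
    pap = any(l.startswith("User-Password = ") for l in lines)  # clear-text password sent
    # Prefix match covers the log's own spelling "succesfully".
    bind_ok = any(l.startswith("rlm_ldap: user ") and "authenticated succes" in l for l in lines)
    up = next((int(m.group(1)) for l in lines if (m := UP_ERROR.search(l))), None)
    if up is not None and pap and bind_ok:
        verdict = "masked"    # PAP + bind-as-user worked without the stored password
    elif up is not None:
        verdict = "blocking"  # password not retrieved and no successful bind to fall back on
    else:
        verdict = "ok"
    return {"id": req["id"], "pap": pap, "bind_as_user": bind_ok, "up_error": up, "verdict": verdict}

def analyze(text):
    return [diagnose(r) for r in split_requests(text)]

if __name__ == "__main__":
    for result in analyze(SAMPLE_DEBUG):
        print(result)
```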

