LinuxQuestions.org
10-28-2008, 11:11 AM   #1
netmaster3620
LQ Newbie
 
Registered: Dec 2005
Posts: 4

Rep: Reputation: 0
Freeradius LDAP Authentication


I am trying to get Freeradius to authenticate against an LDAP. We have a captive portal for our wireless system that allows us to point to a radius server for authentication.

I have installed Freeradius on Ubuntu Linux as well as the freeradius-ldap module. In the radiusd.conf file I have set the AuthType to LDAP. Under the LDAP configuration I have configured the LDAP Server.

When I tail the radius.log file I see the following error:

Tue Oct 28 11:26:25 2008 : Error: rlm_ldap: ldap_search() failed: Bad search filter: (posixAccount)(uid=))

This error only occurs if the filter under the LDAP configuration is set to:
filter = "(posixAccount)(uid=%u))"

With the above setting I can see the authentication requests coming through when testing the LDAP connection.

If I set the filter back to the default nothing shows up in the log file. I have listed the default below.

filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"

Unfortunately I have no way of knowing if Freeradius is even hitting the LDAP. In the client that I am using for testing I am receiving an access rejected error message.

I know that Freeradius is working because I have been able to successfully authenticate using a local unix user.

To date I have not had any luck finding good documentation on setting up LDAP authentication on Freeradius.

Any ideas?
 
11-20-2008, 11:36 AM   #2
DisasterArea03
LQ Newbie
 
Registered: Nov 2008
Location: Allentown, PA
Distribution: Ubuntu, Fedora
Posts: 1

Rep: Reputation: 0
You should leave the default filter... your group filter should look like this:

groupmembership_filter = (&(objectClass=posixGroup)(memberUid=%{Stripped-User-Name:-%{User-Name}}))

Or, you could change the filter to be:

filter = "(&(objectClass=posixAccount)(cn=%{Stripped-User-Name:-%{User-Name}}))"

The objectClass can be changed, but the syntax you have won't work. Also, are you trying to do EAP? If you set Auth-Type = ldap then it will not work. In most cases, you don't need to set that feature. You can run FreeRADIUS in debugging mode to find out if it's hitting LDAP... just type "freeradius -X" and check the output. I hope this helps a bit.

Last edited by DisasterArea03; 11-20-2008 at 11:37 AM. Reason: objectClass edit
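
Added example, not part of either post and not FreeRADIUS code: a small Python check of LDAP filter syntax (RFC 4515 style, simplified) that shows why the filter in the log is rejected and the two suggested filters are accepted. The `build()` helper is a hypothetical stand-in for the server's `%{...}` expansion, and the user names are constructed.

```python
import re

# RFC 4515 escapes for characters that are special inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}
EXPANSION = "%{Stripped-User-Name:-%{User-Name}}"   # as written in the thread
_ITEM = re.compile(r"[A-Za-z][A-Za-z0-9.;-]*(=|~=|>=|<=)[^()]*")

def escape_value(value):
    """Escape a user-supplied value before placing it in a filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)

def build(template, user):
    """Stand-in for the server's expansion: substitute the escaped user name."""
    return template.replace(EXPANSION, escape_value(user))

def _parse(f, i):
    """Parse one parenthesised filter at f[i]; return the index just past it."""
    if i >= len(f) or f[i] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    i += 1
    if i < len(f) and f[i] in "&|!":
        op, count = f[i], 0
        i += 1
        while i < len(f) and f[i] == "(":       # operands of &, | or !
            i = _parse(f, i)
            count += 1
        if count == 0 or (op == "!" and count != 1):
            raise ValueError(f"'{op}' has the wrong number of operands")
    else:
        m = _ITEM.match(f, i)                   # simple item: attr=value
        if not m:
            raise ValueError(f"expected attr=value at offset {i}")
        i = m.end()
    if i >= len(f) or f[i] != ")":
        raise ValueError(f"expected ')' at offset {i}")
    return i + 1

def check_filter(f):
    """Return None if f is one well-formed filter, else an error string."""
    try:
        end = _parse(f, 0)
    except ValueError as e:
        return str(e)
    return None if end == len(f) else f"trailing text at offset {end}"

if __name__ == "__main__":
    samples = ["(posixAccount)(uid=))",                        # from the log
               build("(uid=" + EXPANSION + ")", "alice"),
               build("(&(objectClass=posixAccount)(cn=" + EXPANSION + "))", "alice")]
    for s in samples:
        print(s, "->", check_filter(s) or "OK")
```

The first sample fails because `(posixAccount)` has no `attr=value` form and the two items are not wrapped in `(&...)`; a user name containing `(`, `)` or `*` also breaks the filter unless it is escaped as `escape_value()` does.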
 
  

