rlm_ldap : user not found

Dustin Doris freeradius at mail.doris.cc
Mon Jun 13 15:09:32 CEST 2005


> Hello,
> I had a problem with freeradius and the rlm_ldap module.
> Sometimes, and I don't know why, users couldn't authenticate on the LDAP server.
> I had this message in radius.log:
> Auth: Login incorrect (rlm_ldap: User not found): [dupont]
> and a few seconds later the authentication is OK with the same user:
> Auth: Login OK: [dupont]
>
> Maybe a timeout problem with LDAP?
> Should I modify timeout parameters in radiusd.conf or in slapd.conf?
> Maybe a number of connections?
> Should I increase the "ldap_connections_number =" parameter?
>
> Thanks a lot
>

You really need to try to capture that in debug mode if you can.  That
will tell you exactly why the user was not found and whether there are any
issues such as timeouts to LDAP.

If it's sporadic and hard to reproduce, then it may be difficult to capture
that in debug mode.  In that case, do a tcpdump or ethereal capture and
leave that running overnight or for an extended period of time.

Then, when you find that same scenario in the logs, go back to your packet
capture and compare the actual attributes coming over between the not-found
and the accept cases.  With that information, you can turn on debug mode in
radius and resend the packets using radclient with the same attributes as
you found in the capture for the two scenarios.

Also, you may want to send your users file and the radiusd.conf ldap section
config here.  Perhaps there is a matching rule in the users file that is
causing that user to sometimes be not found.
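The log-correlation step described above (spot a "User not found" reject followed shortly by a Login OK for the same user, so the packet capture can be checked at those timestamps) as an added Python example; it is not part of the original thread. The radius.log lines are constructed in FreeRADIUS 1.x style, and the 60-second window is an assumption.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample radius.log lines (FreeRADIUS 1.x style), not from the original post.
SAMPLE_LOG = """\
Mon Jun 13 15:09:01 2005 : Auth: Login incorrect (rlm_ldap: User not found): [dupont] (from client nas1 port 3)
Mon Jun 13 15:09:05 2005 : Auth: Login OK: [dupont] (from client nas1 port 3)
Mon Jun 13 15:10:40 2005 : Auth: Login incorrect (rlm_ldap: User not found): [martin] (from client nas1 port 7)
Mon Jun 13 15:11:02 2005 : Auth: Login incorrect (rlm_ldap: Bind as user failed): [leroy] (from client nas2 port 1)
Mon Jun 13 15:11:30 2005 : Auth: Login OK: [leroy] (from client nas2 port 1)
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} \w{3} +\d{1,2} \d{2}:\d{2}:\d{2} \d{4}) : Auth: "
    r"Login (?P<result>OK|incorrect)(?: \((?P<reason>[^)]*)\))?: \[(?P<user>[^\]]+)\]"
)

def parse_auth_lines(text):
    """Yield (timestamp, user, result, reason) for each Auth: line; other lines are skipped."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m.group("ts"), "%a %b %d %H:%M:%S %Y")
        yield ts, m.group("user"), m.group("result"), m.group("reason")

def find_flapping_users(text, window_seconds=60, reason="rlm_ldap: User not found"):
    """Return {user: [(reject_ts, ok_ts), ...]} for rejects with `reason` that are
    followed by a Login OK for the same user within window_seconds.  Such pairs
    point at the LDAP lookup (timeout, connection pool), not at bad credentials."""
    events = defaultdict(list)
    for ts, user, result, why in parse_auth_lines(text):
        events[user].append((ts, result, why))
    flapping = {}
    for user, evs in events.items():
        evs.sort(key=lambda e: e[0])           # sort by timestamp only
        pairs = []
        for i, (ts, result, why) in enumerate(evs):
            if result != "incorrect" or why != reason:
                continue
            for ts2, result2, _ in evs[i + 1:]:  # first accept after this reject
                if result2 == "OK" and (ts2 - ts).total_seconds() <= window_seconds:
                    pairs.append((ts, ts2))
                    break
        if pairs:
            flapping[user] = pairs
    return flapping

if __name__ == "__main__":
    for user, pairs in find_flapping_users(SAMPLE_LOG).items():
        for rej, ok in pairs:
            print(f"{user}: not found at {rej:%H:%M:%S}, accepted {int((ok - rej).total_seconds())}s later")
```

The timestamps it prints are the ones to look up in the tcpdump capture; a reject with a different rlm_ldap reason (bind failure) is deliberately left out.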
