Freeradius +LDAP + Active Directory + Authenticate Only questions

William Segura W.Segura at F5.com
Mon Jan 21 16:41:59 CET 2008 

Thanks, I got it working. Is there a reason that the ldap search that
rlm_ldap performs functions differently  from ldapsearch? With
ldapsearch I can do a search without specifying an OU but with rlm_ldap,
it fails? I do not have control of the Active Directory server here so I
cannot apply the dsHeuristics setting as specified in the rlm_ldap docs.


-----Original Message-----
From: freeradius-users-bounces+w.segura=f5.com at lists.freeradius.org
[mailto:freeradius-users-bounces+w.segura=f5.com at lists.freeradius.org]
On Behalf Of Alan DeKok
Sent: Friday, January 18, 2008 1:05 AM
To: FreeRadius users mailing list
Subject: Re: Freeradius +LDAP + Active Directory + Authenticate Only
questions

William Segura wrote:
> I am trying to setup Freeradius to authenticate against an active
> directory server.

  Only "bind as user" will work, and even then not always.

> Here are the relevant files:

  Please do not post configuration files to the list.

> Radius Log:
...
> rad_recv: Access-Request packet from host 127.0.0.1:35655, id=159,
> length=58
> 	User-Name = "user1"
> 	User-Password = "\204\016V\332\226\325\007\347\254Hm\262}B\321M"

  Your shared secret is wrong.  Fix it.

>   modcall[authorize]: module "preprocess" returns ok for request 0
> rlm_pap: WARNING! No "known good" password found for the user.
> Authentication may fail because of this.
>   modcall[authorize]: module "pap" returns noop for request 0

  You have re-ordered the modules in the "authorize" section.  Why?  Do
you understand what the PAP module does?

> rlm_ldap: Bind failed with invalid credentials

  Because the password was wrong.  The password *should* be visible in
debugging mode.  It should NOT be binary garbage.

> auth: Failed to validate the user.
>   WARNING: Unprintable characters in the password. ?  Double-check the
> shared secret on the server and the NAS!

  Perhaps this message might be useful.  Did you read it?  Did you
follow it's instructions?

  Alan DeKok.
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html

More information about the Freeradius-Users mailing list