Config. Help please - ldap and Active Directory

tnt at kalik.net tnt at kalik.net
Wed Mar 11 14:48:12 CET 2009


>And I get:
>
> ++[eap] returns ok
>+- entering group post-auth {...}
>++[exec] returns noop
>++? if (control:Tmp-String-0 == "ldap-student")
>    (Attribute control:Tmp-String-0 was not found)
>Sending Access-Accept of id 129 to 10.127.240.217 port 1645
>
>Towards the beginning of the debug output is:
>
>rlm_ldap: Bind was successful
>rlm_ldap: performing search in ou=students, dc=ad, dc=hud, dc=ac, dc=uk, with filter (sAMAccountName=cmsxleig)
>[ldap_student] looking for check items in directory...
>[ldap_student] looking for reply items in directory...
>WARNING: No "known good" password was found in LDAP.  Are you sure that the user is configured correctly?
>[ldap_student] user cmsxleig authorized to use remote access
>rlm_ldap: ldap_release_conn: Release Id: 0
>+++[ldap_student] returns ok
>+++? if (ok)
>? Evaluating (ok) -> TRUE
>+++? if (ok) -> TRUE
>+++- entering if (ok) {...}
>++++[control] returns ok
>+++- if (ok) returns ok
>+++ ... skipping else for request 0: Preceding "if" was taken
>++- else else returns ok
>++[expiration] returns noop
>++[logintime] returns noop
>

Can you post the whole debug, not just snipetts. Are these from the same
or from different requests in the exchange? Perhaps you need
use_tunneled_reply rather than this.

Ivan Kalik
Kalik Informatika ISP




More information about the Freeradius-Users mailing list