multiple ldap servers
Tobias Hachmer
lists at kokelnet.de
Sat May 5 10:36:10 CEST 2012
On 05/05/2012 01:40 AM, jeff donovan wrote:
> Greetings,
> sorry,
> I snipped the bottom off; I didn't think it relevant since nothing happened after it tried to auth on ldap1.
>
> Failed to authenticate the user.
> Using Post-Auth-Type Reject
> # Executing group from file /etc/freeradius/sites-enabled/default
> +- entering group REJECT {...}
> [attr_filter.access_reject] expand: %{User-Name} -> drfoo
> attr_filter: Matched entry DEFAULT at line 11
> ++[attr_filter.access_reject] returns updated
> Delaying reject of request 2 for 1 seconds
> Going to the next request
> Waking up in 0.9 seconds.
> Sending delayed reject for request 2
> Sending Access-Reject of id 158 to 10.135.1.15 port 65478
> Waking up in 4.9 seconds.
> Cleaning up request 2 ID 158 with timestamp +22
> Ready to process requests.
>
Hi Jeff,
Are you sure you configured your ldap modules right?
It seems to me you haven't, because your ldap bind fails. Configure your
ldap1 module for the ldap1 server with a bind user which exists on ldap
server 1. In the debug output, your ldap1 module references a user DN in
"cn=users,dc=ldap2,dc=example.com". Is this correct, or does it have to be
"cn=users,dc=ldap1,dc=example.com"?
As I tried to explain before, it's not the authentication of the user in
the RADIUS request which fails but the bind user, so the ldap module wasn't
able to check the user credentials! Please reread the ldap documentation
if this is unclear...
Regards,
Tobias Hachmer
More information about the Freeradius-Users
mailing list
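
An added example, not part of the thread and not FreeRADIUS code: a heuristic lint that flags any named ldap instance whose bind `identity` sits in a different dc tree than its `basedn`, the mismatch the reply asks about. It assumes the FreeRADIUS 2.x ldap option names `server`, `identity`, `password` and `basedn`; every hostname, DN and password below is a constructed placeholder.

```python
import re

# Constructed sample in FreeRADIUS 2.x ldap-module syntax; hostnames, DNs and
# passwords are placeholders, not values from the thread.
SAMPLE_CONF = '''
ldap ldap1 {
    server = "ldap1.example.com"
    identity = "cn=radius,cn=users,dc=ldap2,dc=example,dc=com"
    password = "placeholder"
    basedn = "cn=users,dc=ldap1,dc=example,dc=com"
}
ldap ldap2 {
    server = "ldap2.example.com"
    identity = "cn=radius,cn=users,dc=ldap2,dc=example,dc=com"
    password = "placeholder"
    basedn = "cn=users,dc=ldap2,dc=example,dc=com"
}
'''

# Handles flat "ldap NAME { key = value }" blocks only; nested sections end the match early.
BLOCK = re.compile(r'^\s*ldap\s+(\w+)\s*\{(.*?)^\s*\}', re.S | re.M)
ITEM = re.compile(r'^\s*(\w+)\s*=\s*"?([^"\n]*)"?\s*$', re.M)

def dc_suffix(dn):
    """Return the lower-cased dc= components of a DN, in order."""
    parts = [p.strip().lower() for p in re.split(r'(?<!\\),', dn)]
    return [p for p in parts if p.startswith('dc=')]

def parse_ldap_instances(conf):
    """Map each named ldap instance to its simple key = value items."""
    return {name: dict(ITEM.findall(body)) for name, body in BLOCK.findall(conf)}

def mismatched_bind_dns(conf):
    """List instances whose bind identity sits in a different dc tree than basedn."""
    findings = []
    for name, items in parse_ldap_instances(conf).items():
        identity, basedn = items.get('identity'), items.get('basedn')
        if not identity or not basedn:
            continue  # anonymous bind or incomplete block: nothing to compare
        if dc_suffix(identity) != dc_suffix(basedn):
            findings.append((name, identity, basedn))
    return findings

if __name__ == '__main__':
    for name, identity, basedn in mismatched_bind_dns(SAMPLE_CONF):
        print(f'{name}: bind DN {identity!r} is outside basedn {basedn!r}')
```

A bind account can legitimately live outside the search base, so a finding is a prompt to confirm that the account exists on that server, not proof of a misconfiguration.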