FR 3.0 with eDir

Hubert Kupper kupper at uni-landau.de
Sat Dec 7 18:38:53 CET 2013


On 06.12.2013 15:29, Arran Cudbard-Bell wrote:
> On 6 Dec 2013, at 05:50, Hubert Kupper <kupper at uni-landau.de> wrote:
>
>> On 05.12.2013 12:46, Arran Cudbard-Bell wrote:
>>>>> Yes, one of our testers reported the current code works fine against eDirectory.
>>>>>
>>>>> I'll fix up the debug output so you get a more verbose error message at least.
>>> Done. Let me know what error you get.
>>>
>>> -Arran
>> Hi Arran,
>>
>> thanks for the fix. Now I get the following error:
>> --------
>> (3)   [preprocess] = ok
>> (3)   [mschap] = noop
>> (3) suffix : No '@' in User-Name = "foo", looking up realm NULL
>> (3) suffix : Found realm "NULL"
>> (3) suffix : Adding Stripped-User-Name = "foo"
>> (3) suffix : Adding Realm = "NULL"
>> (3) suffix : Authentication realm is LOCAL.
>> (3)   [suffix] = ok
>> (3) eap : EAP packet type response id 3 length 6
>> (3) eap : No EAP Start, assuming it's an on-going EAP conversation
>> (3)   [eap] = updated
>> (3)   [files] = noop
>> rlm_ldap (ldap): Reserved connection (4)
>> (3) ldap :      expand: "(cn=%{%{Stripped-User-Name}:-%{User-Name}})" -> '(cn=foo)'
>> (3) ldap :      expand: "o=testo" -> 'o=testo'
>> (3) ldap : Performing search in 'o=testo' with filter '(cn=foo)'
>> (3) ldap : Waiting for search result...
>> (3) ldap : User object found at DN "cn=foo,ou=testou,o=testo"
>> (3) ERROR: ldap : Failed to retrieve eDirectory password: Other (e.g., implementation specific) error
>> rlm_ldap (ldap): Released connection (4)
> I don't have access to an eDirectory implementation to debug.
>
> Could you provide packet traces (in the clear)? Set the connection pool to 1, and run a couple of
> requests to ensure it doesn't bind and expose your admin credentials.
>
> -Arran
>
OK, I'll be out of office next week. I'll do the packet traces when I'm back.

Regards,
Hubert

