LDAP + Active Directory Authentication Issue
Luke Ramsden
lukermsdn at gmail.com
Thu Dec 12 19:48:47 CET 2013
Hi, I am trying to authenticate users against Active Directory using LDAP.
I can perform the initial bind using an ldap bind account. I can then
successfully find the Distinguished Name in Active Directory given a domain
user's username. I would now like to re-bind using that Distinguished Name
in order to authenticate the password they supplied as described in point 4
here:
http://thecarlhall.wordpress.com/2011/01/04/ldap-authentication-authorization-dissected-and-digested/
The problem I am having is my server errors out with 'No Auth-Type found'
come authentication time. I added 'set_auth_type = yes' to
mods-available/ldap but it seems to have had no effect.
I am very new to this so am still finding my feet - can anyone help?
Subset of output from terminal (redacted some personal info):
(0) ldap : Performing search in 'ou=Users,dc=example,dc=domain,dc=com' with
filter '(uid=example-user)'
(0) ldap : Waiting for search result...
(0) ldap : User object found at DN
"CN=Name,OU=Users,DC=example,DC=domain,DC=com"
rlm_ldap (ldap): Released connection (4)
rlm_ldap (ldap): Closing connection (0): Too many free connections (5 > 3)
(0) [ldap] = ok
(0) [chap] = noop
(0) [mschap] = noop
(0) [digest] = noop
(0) suffix : No '@' in User-Name = 'example-user', looking up realm NULL
(0) suffix : No such realm "NULL"
(0) [suffix] = noop
(0) eap : No EAP-Message, not doing EAP
(0) [eap] = noop
(0) [files] = noop
(0) [expiration] = noop
(0) [logintime] = noop
(0) WARNING: pap : No "known good" password found for the user. Not setting
Auth-Type.
(0) WARNING: pap : Authentication will fail unless a "known good" password
is available.
(0) [pap] = noop
(0) } # authorize = ok
(0) ERROR: No Auth-Type found: rejecting the user via Post Auth-Type =
Reject
(0) Failed to authenticate the user.
(0) Using Post-Auth-Type Reject
Many thanks
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20131212/24e07529/attachment.html>
More information about the Freeradius-Users
mailing list