LDAP + CHAP

Wed Mar 5 16:40:26 CET 2014

so as an example, I changed the user adamjseed password to oracle and it
works, then changed it to oracle01 and it doesnt and then to oracle9999
which does... all of which are passwords I have never used before in this
setup.

Is there anymore debugging I can enable?

On Wed, Mar 5, 2014 at 3:30 PM, Adam Seed <adamjseed at gmail.com> wrote:

> ok, something very strange is going on!!!!
>
> so I have been fiddling around with it getting a mix of accepted and
> rejected commands and the only thing I have pined it down to is the
> password...
> Some passwords work, some dont im not sure if there is some kind of
> caching going on. It appears my older passwords i was using during inital
> testing dont work...
>
> The password I get back from ldap in the debug is always correct and
> matches what I have put into the test utility but some get rejected. Any
> ideas why?
>
>
>
>
>
> On Wed, Mar 5, 2014 at 1:18 PM, Alan DeKok <aland at deployingradius.com>wrote:
>
>> Adam Seed wrote:
>> > I have two users:
>> >
>> > cn=adamjseed,ou=users,dc=adamjseed,dc=co,dc=uk
>> > cn=guest,ou=users,dc=adamjseed,dc=co,dc=uk
>> >
>> > what's important is that the uid=cn in both cases
>> >
>> > guest works where adamjseed doesnt, if I change the uid (not cn) of
>> > adamjseed to adamjseed1 it then does work.
>> >
>> > im guessing its conflicting with the dn?
>>
>>   I don't see how.  FreeRADIUS just queries LDAP for a password.
>> FreeRADIUs doesn't care about cn, dn, or anything else.  LDAP returns
>> the password, and FreeRADIUS uses it.
>>
>>   Run the queries manually.  Be sure that LDAP is returning the correct
>> password in both cases.
>>
>>   Alan DeKok.
>> -
>> List info/subscribe/unsubscribe? See
>> http://www.freeradius.org/list/users.html
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20140305/711b3e0f/attachment-0001.html>