Authenticate to LDAP with GSSAPI

Isaac Boukris iboukris at gmail.com
Wed Jun 17 20:17:20 CEST 2015


Hi,

On Wed, Jun 17, 2015 at 2:51 AM, Alan DeKok <aland at deployingradius.com> wrote:
> On Jun 16, 2015, at 7:02 PM, Isaac Boukris <iboukris at gmail.com> wrote:
>> I can confirm the crashes are gone and it works well.
>> I still have the linkage run time issue unless I add 'sasl.c' to
>> 'rlm_ldap/all.mk.in' with v3.0 (no build-tools expert).
>
>   I've pushed a fix.

Thanks Alan!

I've made some progress with my 'LDAP not responding problem'.

If I set "SASL_SECPROPS maxssf=0" in my 'ldap.conf' file then both
'ldapsearch' and 'radiusd' won't encrypt the  search request and -
most importantly - the LDAP server answers to both of them!
So I guess we can call that 'working' for now as the admin
authentication use kerberos.

I'll try however to investigate further why 'radiusd' won't encrypt
like 'ldapsearch' does when I don't limit 'ssf'.
Also interesting  to understand how this is negotiated at sasl level
(as I'm convinced now).

Regards,
Isaac B.


More information about the Freeradius-Users mailing list