LDAP Operations Error
Ben Humpert
ben at an3k.de
Thu Jun 18 22:42:54 CEST 2015
Thu Jun 18 16:02:46 2015 : Debug: [ldap] performing search in
ou=users,dc=darden,dc=com, with filter (uid=SYEDRA)
Thu Jun 18 16:02:46 2015 : Error: [ldap] ldap_search() failed:
Operations error
Thu Jun 18 16:02:46 2015 : Info: [ldap] search failed
Are you sure the search is correct? Is it users and not Users?
2015-06-18 22:05 GMT+02:00 Syed Rais Ahmad NON DRI <SAhmad at darden.com>:
> In my FreeRadius configuration, ntlm_auth gives me successful search output:
>
> [root at rscradiuspr01 samba]# ntlm_auth --request-nt-key --domain=DRI_NT1 --username=SYEDRA
> password:
> NT_STATUS_OK: Success (0x0)
>
> However, RADIUS rejects the user:
>
> Thu Jun 18 16:02:46 2015 : Debug: [ldap] waiting for bind result ...
> Thu Jun 18 16:02:46 2015 : Debug: [ldap] Bind was successful
> Thu Jun 18 16:02:46 2015 : Debug: [ldap] performing search in ou=users,dc=darden,dc=com, with filter (uid=SYEDRA)
> Thu Jun 18 16:02:46 2015 : Error: [ldap] ldap_search() failed: Operations error
> Thu Jun 18 16:02:46 2015 : Info: [ldap] search failed
> Thu Jun 18 16:02:46 2015 : Debug: [ldap] ldap_release_conn: Release Id: 0
> Thu Jun 18 16:02:46 2015 : Info: ++[ldap] returns fail
> Thu Jun 18 16:02:46 2015 : Info: Using Post-Auth-Type Reject
> Thu Jun 18 16:02:46 2015 : Info: # Executing group from file /etc/raddb/sites-enabled/default
> Thu Jun 18 16:02:46 2015 : Info: +- entering group REJECT {...}
> Thu Jun 18 16:02:46 2015 : Info: [attr_filter.access_reject] expand: %{User-Name} -> SYEDRA
> Thu Jun 18 16:02:46 2015 : Debug: attr_filter: Matched entry DEFAULT at line 11
> Thu Jun 18 16:02:46 2015 : Info: ++[attr_filter.access_reject] returns updated
> Thu Jun 18 16:02:46 2015 : Info: Delaying reject of request 1 for 1 seconds
> Thu Jun 18 16:02:46 2015 : Debug: Going to the next request
>
> What could be the cause of this reject?
>
> Thanks.
> This e-mail message is for the sole use of the intended recipient and may contain information that is confidential, proprietary or privileged. Any unauthorized review, use, distribution, copying or disclosure is strictly prohibited. If you are not the intended recipient, or the employee or agent responsible for delivering it to the intended recipient, please notify sender of the delivery error by replying to this message and then delete it from your system. Receipt by anyone other than the intended recipient is not a waiver of confidentiality or privilege.
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list