Help PLease

Adam Schappell aschappell at clearedgeit.com
Mon Mar 30 21:33:07 CEST 2015


Thanks for everyones help. I dont know what exactly I did but I got access
accept..

Found Auth-Type = LDAP

# Executing group from file /etc/raddb/sites-enabled/default

+- entering group LDAP {...}

[ldap] login attempt by "radius" with password "test"

[ldap] user DN:
CN=rtest,OU=Users,OU=Jetestp,OU=ClearEdge,DC=corp,DC=test,DC=com

  [ldap] (re)connect to dc1.corp.clearedgeit.com:389, authentication 1

  [ldap] bind as
CN=rtests,OU=Users,OU=test,OU=ClearEdge,DC=corp,DC=testeit,DC=com/test to
dc1.corp.clearedgeit.com:389

  [ldap] waiting for bind result ...

  [ldap] Bind was successful

[ldap] user radius authenticated succesfully

++[ldap] returns ok

# Executing section post-auth from file /etc/raddb/sites-enabled/default

+- entering group post-auth {...}

++[exec] returns noop

Sending Access-Accept of id 135 to 127.0.0.1 port 48249

Finished request 0.

Going to the next request

Waking up in 4.9 seconds.

Cleaning up request 0 ID 135 with timestamp +8

Ready to process requests.

Adam Schappell
System Administrator II
Clearedge IT Solutions, LLC
10620 Guilford Road
Jessup, MD 20794
Office:443-212-4712
Fax:443-212-4809
www.ClearEdgeIT.com <http://www.clearedgeit.com/>


On Mon, Mar 30, 2015 at 3:23 PM, <A.L.M.Buxey at lboro.ac.uk> wrote:

> Hi,
>
> > I get its failing but I do not know what else to set it to, It is the
>
> read the error. deduce the issue
>
> > [ldap] expand: (&(SAMAccountName=%{%{Stripped-User-Name}:-%{User-Name}})
> ->
> > (&(SAMAccountName=radius)
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
> thats wehat came out of the expansion of your current config
>
> >   [ldap] performing search in dc=corp,dc=clearedgeit,dc=com, with filter
> > (&(SAMAccountName=radius)
> >
> >   [ldap] ldap_search() failed: Bad search filter:
> (&(SAMAccountName=radius)
>
> and thats the result
>
> > [ldap] search failed
>
> which means that happens
>
>
> the binding and the searching are 2 different things.  you had 'working'
> but
> failing search with uid - you've now just got a broken search
>
> I'd just hazard a guess that you should be using eg
> (&(sAMAccountName=%{Stripped-User-Name:-%{User-Name})
>
> note how upper and lower case have been chosen.
>
> alan
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>


More information about the Freeradius-Users mailing list