Yet Another PEAP-MSCHAPV2 problem
Matthew Newton
mcn4 at leicester.ac.uk
Mon Sep 21 22:51:24 CEST 2015
On Mon, Sep 21, 2015 at 03:34:19PM -0500, Alex Moen wrote:
> >When you bind as the same account FR binds as and do a search as
> >below, does it find anything?
> >
> >>(19) ldap: Performing search in "o=ndtc" with filter "(uid=debio)", scope "sub"
>
> [root at ndtc-fs]# ldapsearch -x -H ldap://66.163.129.140 -D
> 'cn=admin,o=ndtc' -W -b 'uid=debio at ndtel.com,ou=ndtel,o=ndtc' -s sub
How about the same search base/filter that FreeRADIUS is doing?
$ ldapsearch -x -H ldap://66.163.129.140 -D 'cn=admin,o=ndtc' -W -b 'o=ndtc' -s sub '(uid=debio)'
> # extended LDIF
...
> # debio at ndtel.com, ndtel, ndtc
> dn: uid=debio at ndtel.com,ou=ndtel,o=ndtc
> uid: debio at ndtel.com
This isn't 'debio' - and I'm pretty sure that LDAP won't match
just part of a field? AD here certainly doesn't seem to.
What does the other record look like?
Matthew
--
Matthew Newton, Ph.D. <mcn4 at le.ac.uk>
Systems Specialist, Infrastructure Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom
For IT help contact helpdesk extn. 2253, <ithelp at le.ac.uk>
More information about the Freeradius-Users
mailing list