rlm_ldap issue

Alex Moen alexm at ndtel.com
Tue Mar 15 17:30:32 CET 2016


Hi all,

I am building a new radius server on CentOS 7 and configuring for LDAP 
auth.  I have an older version running on a different server, and have 
brought over my configs and adjusted to the new version requirements 
(for instance, adding the ipaddr attribute to all the client stanzas). 
However, I seem to be having an issue with the rlm_ldap module, and the 
ldap config itself.  BTW, I ran all updates this morning, so everything 
should be at the latest versions (from the repositories, anyway). 
FreeRADIUS Version 3.0.4 is what is now installed.

So, here's my ldap file from the old server (that works properly):

---------------------------------------------
ldap rg600-1 {
         server = "10.255.255.40"
         identity = "cn=admin,o=ourorg"
         password = r!da2Lp
         basedn = "ou=administration,o=ourorg"
         filter = "(uid=%u)"
         ldap_connections_number = 5
         timeout = 4
         timelimit = 3
         net_timeout = 1
         tls {
                 start_tls = no
         }
         access_attr = "uid"
         dictionary_mapping = ${confdir}/ldap.attrmap
         edir_account_policy_check = no
         groupname_attribute = gidnumber
         groupmembership_attribute = gidNumber
}
---------------------------------------------

I copied this file exactly to the new server.

To test connectivity, I ran (on the new server):

---------------------------------------------
ldapsearch -x -W -D "cn=admin,o=ourorg" -b "ou=administration,o=ourorg" objectclass=*
---------------------------------------------

and, when asked, provided the r!da2Lp password, and successfully got the 
list of all objects... indicating that the connectivity, username, and 
password are perfectly correct.

When I run radiusd -X -d /etc/raddb, I get the following end result of 
debug lines:

---------------------------------------------
...
rlm_ldap (rg600-1): Opening additional connection (0)
rlm_ldap (rg600-1): Connecting to 10.255.255.40:389
rlm_ldap (rg600-1): Waiting for bind result...
rlm_ldap (rg600-1): Bind credentials incorrect: Invalid credentials
rlm_ldap (rg600-1): Opening connection failed (0)
rlm_ldap (rg600-1): Removing connection pool
---------------------------------------------

indicating, I believe, a bad password or bad user ID.

I have a feeling that the "!" in the password is causing issues.  I have 
surrounded the password with single quotes, double quotes, ticks, and 
have escaped the ! with \, all to no avail.

I cannot really change the password, as so many systems are using it 
that it is prohibitive.

Anyone have any ideas?  I'll supply any other required data...

Thanks!

Alex

-- 
Alex Moen
NSTII
North Dakota Telephone Company
701-662-6481

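An added diagnostic, not part of the post above: it checks the simple bind outside FreeRADIUS with the server and bind DN from the post, taking the shell out of the picture. The password is written with printf '%s' to a private file (no trailing newline, no interpolation, no history expansion) and handed to ldapwhoami with -y, so a character such as "!" reaches the server exactly as typed. PASSWORD is assumed to be supplied via the environment rather than stored in the script.

```shell
#!/bin/sh
# Bind test for the rlm_ldap credential, independent of shell quoting.
# Values from the post: server 10.255.255.40, identity cn=admin,o=ourorg.
LDAP_URI="ldap://10.255.255.40:389"
BIND_DN="cn=admin,o=ourorg"

# Write the secret verbatim to a mode-0600 temp file and print its path.
# printf '%s' does not interpret backslashes or '!' and adds no newline;
# a trailing newline would become part of the password when read via -y.
write_pass_file() {
    f=$(mktemp) || return 1
    chmod 600 "$f"
    printf '%s' "$1" > "$f"
    printf '%s\n' "$f"
}

# Perform a simple bind and return ldapwhoami's exit status, which is the
# LDAP result code: 0 = bind accepted, 49 = invalidCredentials (the same
# condition rlm_ldap reports as "Bind credentials incorrect").
ldap_bind_check() {
    pf=$(write_pass_file "$1") || return 1
    ldapwhoami -x -H "$LDAP_URI" -D "$BIND_DN" -y "$pf"
    rc=$?
    rm -f "$pf"
    return $rc
}

# Run only when a password is provided: PASSWORD='...' ./bindcheck.sh
if [ -n "${PASSWORD:-}" ]; then
    if ldap_bind_check "$PASSWORD"; then
        echo "bind OK: credential is accepted by the server"
    else
        echo "bind FAILED: check identity/password as stored in the ldap module config"
    fi
fi
```

If this bind succeeds but radiusd -X still logs "Invalid credentials", the credential itself is fine and the problem is in how the value is read from the module configuration, not in the LDAP server.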