LDAP + SASL Freeradius 3.0.11
a.cudbardb at freeradius.org
Sun May 15 18:14:18 CEST 2016
> On 15 May 2016, at 12:01, Matthew Beckler <mbeckler at overturecenter.org> wrote:
> From: Isaac Boukris <iboukris at gmail.com>
> Sent: Friday, May 13, 2016 11:47 AM
> To: FreeRadius users mailing list
> Subject: Re: LDAP + SASL Freeradius 3.0.11
>> Let's leave client keytab aside, if you run 'kinit' followed by
>> 'radiusd -X' does it work (identity commented out)?
>> And makes sure to specify correct FQDN of the DC server.
> Same error. Ldapsearch did work after I tried freeradius -X
> So What I did was this :
> sudo kinit ldaplookup
> sudo freeradius -X
Try with v3.1.x just in case some fixes went in there.
You also may need to specify keytab location and various other bits as environmental variables.
# SASL parameters to use for admin binds
# When we're prompted by the SASL library, the config items in the SASL
# section (in addition to the identity password config items above)
# determine the responses given.
# If any directive is commented out, a NULL response will be
# provided to cyrus-sasl.
# Unfortunately the only way to control Keberos here is through
# environmental variables, as cyrus-sasl provides no API to
# set the kerberos (libkrb5) config directly.
# Full documentation for MIT krb5 can be found here:
# At a minimum you probably want to set KRB5_CLIENT_KTNAME.
# SASL mechanism
# mech = 'PLAIN'
# SASL authorisation identity to proxy.
# proxy = 'autz_id'
# SASL realm. Used for kerberos.
# realm = 'example.org'
Arran Cudbard-Bell <a.cudbardb at freeradius.org>
FreeRADIUS Development Team
FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 872 bytes
Desc: Message signed with OpenPGP using GPGMail
More information about the Freeradius-Users