LDAP, SASL GSSAPI, and group membership, rebind fails

Alan DeKok aland at deployingradius.com
Thu Sep 29 22:13:23 CEST 2016


On Sep 29, 2016, at 3:50 PM, Tom Carroll <Thomas.Carroll at pnnl.gov> wrote:
> 
> Alan -
> 
>> On 09/29/2016 12:39 PM, Alan DeKok wrote:
>> Fix your LDAP server so that FreeRADIUS is allowed to search it.  Typically this is done by making a read-only admin account in LDAP, and using that with FreeRADIUS.
> 
> That doesn't explain it. Why does the server successfully bind and search to find the user DN, then fail to bind when searching for group DNs? See below.

  Ask your LDAP server. FreeRADIUS doesn't produce this message. Your LDAP server produces it. 

  So... If you want to fix the problem, fix your LDAP server.

> Re-including freeradius -X output:

  Please don't waste my time. I read that in the first message. There is no need to include it again.

  As a hint for future questions, if you're asking questions here, it means you don't have the answer.  So it's rude to question the people who do know the answer, and are kind enough to help you. 

  Alan DeKok.




