default authentication via windows active directory LDAP instead of /users

Alan DeKok aland at deployingradius.com
Wed Mar 8 15:59:31 CET 2017


On Mar 8, 2017, at 2:28 AM,  Konstantin Knaab-Hinrichs via Freeradius-Users <freeradius-users at lists.freeradius.org> wrote:
> 
> Here's the "freeradius -X" (somehow it isn't radiusd -X on my side)

  Debian and Redhat rename the binary.  This is documented in the FAQ.

  And the reason we tell you to run it in debug mode is so that you will READ THE OUTPUT.

  Specifically:

>>  [ldap] Bind was successful
>>  [ldap] performing search in dc=$DOMAIN,dc=local, with filter (uid=$USER)
>> WARNING: Please set 'chase_referrals=yes' and 'rebind=yes'
>> WARNING: See the ldap module configuration for details

  If only the server produced a USEFUL MESSAGE WHICH TOLD YOU HOW TO FIX THE PROBLEM.

> As I read the log part
> 
>>  [ldap] ldap_search() failed: Operations error
>> [ldap] search failed
>>  [ldap] ldap_release_conn: Release Id: 0
>> ++[ldap] = fail
>> +} # group authorize = fail
>> Invalid user: [$USER] (from client localhost port 0)

  You read that, and ignored the HUGE WARNING MESSAGE.  The message that told you how to fix the problem.

  Alan DeKok.
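
An added example, not part of the original message and not FreeRADIUS code: a small Python triage script that pairs each failing module in debug output with the WARNING lines printed just before it, which is the reading step the reply above points to. The sample log is constructed from the lines quoted in the thread, with `example` and `alice` standing in for `$DOMAIN` and `$USER`; the function name `triage` and the regular expressions are assumptions based on the debug format shown here.

```python
import re

# Constructed sample modelled on the debug lines quoted in this thread;
# "example" and "alice" stand in for $DOMAIN and $USER.
SAMPLE_DEBUG = """\
  [ldap] Bind was successful
  [ldap] performing search in dc=example,dc=local, with filter (uid=alice)
WARNING: Please set 'chase_referrals=yes' and 'rebind=yes'
WARNING: See the ldap module configuration for details
  [ldap] ldap_search() failed: Operations error
  [ldap] search failed
  [ldap] ldap_release_conn: Release Id: 0
++[ldap] = fail
+} # group authorize = fail
Invalid user: [alice] (from client localhost port 0)
"""

WARNING_LINE = re.compile(r"^\s*WARNING:\s*(.*)$")
MODULE_LINE = re.compile(r"^\s*\[(\w+)\]\s+(.*)$")       # "  [ldap] search failed"
RESULT_LINE = re.compile(r"^\++\[(\w+)\]\s*=\s*(\w+)$")  # "++[ldap] = fail"
BAD_RESULTS = {"fail", "reject", "invalid", "userlock"}


def triage(debug_text):
    """Return one record per failing module, with the WARNING lines and
    module error lines that appeared since the previous module result."""
    findings, warnings, errors = [], [], []
    for line in debug_text.splitlines():
        if m := WARNING_LINE.match(line):
            warnings.append(m.group(1))
        elif (m := MODULE_LINE.match(line)) and "fail" in m.group(2).lower():
            errors.append((m.group(1), m.group(2)))
        elif m := RESULT_LINE.match(line):
            module, result = m.groups()
            if result in BAD_RESULTS:
                findings.append({
                    "module": module,
                    "result": result,
                    "warnings": warnings,
                    "errors": [msg for mod, msg in errors if mod == module],
                })
            warnings, errors = [], []  # start a fresh window for the next module
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_DEBUG):
        print(f"{f['module']} returned {f['result']}")
        for w in f["warnings"]:
            print("  read this first:", w)
        for e in f["errors"]:
            print("  error:", e)
```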



