FreeRadius LDAP group verification not working for me

Alan DeKok aland at deployingradius.com
Fri Dec 13 15:13:17 CET 2019



> On Dec 13, 2019, at 8:57 AM, Condor via Freeradius-Users <freeradius-users at lists.freeradius.org> wrote:
> 
> 
> Hi all, I'm really brand new to freeradius. I'm using freeradius 3.0.4

  Upgrade to 3.0.20. There are a lot of fixes.

> with ldap, ldap authentication works fine for me with "o=organitation" but not with group = cn, maybe the ldap configuration is not the standard
> I'm following this thread: lists.freeradius.org/pipermail/freeradius-users/2016-December/085971.html

  Why?  The comments in the default configuration are pretty darned clear.


> For me:
> in /mods-available/ldap

  Please read the documentation: http://wiki.freeradius.org/list-help

  We don't need to see the configuration files.

> on radius -X :
> Received Access-Request Id 125 from y.y.y.y:42420 to x.x.x.x:1812 length 78 User-Name = 'usertest' User-Password = '*****' NAS-IP-Address = 127.0.1.1 NAS-Port = 0 Message-Authenticator = 0x075a82e674d1e57b22856618bd3adc87(2) Received Access-Request packet from host y.y.y.y port 42420, id=125, length=78(2)  User-Name = 'usertest'(2)  User-Password = '*****'(2)  NAS-IP-Address = 127.0.1.1(2)  NAS-Port = 0(2)  Message-Authenticator = 0x075a82e674d1e57b22856618bd3adc87(2)

  That's pretty much destroyed.  Please POST TEXT.  And NOT REFORMATTED TEXT.

  You should be able to see this in your mailer before you send the message.

> ... EXPAND o=organitation,cn=telecom(2)  ldap :    --> o=organitation,cn=telecom(2)  ldap : Performing search in 'o=organitation,cn=telecom' with filter '(uid=usertest)', scope 'sub'(2)  ldap : Waiting for search result...(2)  ERROR: ldap : Failed performing search: The specified DN wasn't found, check base_dn and identity

  That seems to be pretty clear.

  The DN isn't found.  Or, the admin user doesn't have permission to read the DN.

  Upgrade to 3.0.20.  One of the things you'll find in the default config for the "ldap" module is more documentation.  Including explicit instructions for testing the LDAP parameters using the "ldapsearch" command.

> # in the "default" server

  We don't need to see the configuration files.

  Alan DeKok.
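
The reply above recommends testing the LDAP parameters with "ldapsearch". The following is an added example, not part of the original message or of the FreeRADIUS configuration: a shell helper that turns an rlm_ldap "Performing search in ..." debug line into the equivalent ldapsearch command, so the same base DN, filter and scope can be checked directly against the directory. The server URI and bind DN are placeholders (assumptions), and the function name is hypothetical.

```sh
#!/bin/sh
# Added example: rebuild the search FreeRADIUS attempted as an ldapsearch
# command, using the values printed by "radiusd -X".

# Placeholders (assumptions, not from the post): use the "server" and
# "identity" values from mods-available/ldap. Must not contain single quotes.
LDAP_URI="${LDAP_URI:-ldap://ldap.example.org}"
BIND_DN="${BIND_DN:-cn=admin,dc=example,dc=org}"

# Print the ldapsearch command for one debug line.
# Returns 1 if the line is not an rlm_ldap search line.
ldapsearch_from_debug() {
    line=$1
    # BRE with three groups: base DN, filter, scope.
    pat="Performing search in '\([^']*\)' with filter '\([^']*\)', scope '\([a-z]*\)'"
    printf '%s\n' "$line" | grep -q "$pat" || return 1
    base=$(printf '%s\n' "$line" | sed -n "s/.*$pat.*/\1/p")
    filter=$(printf '%s\n' "$line" | sed -n "s/.*$pat.*/\2/p")
    scope=$(printf '%s\n' "$line" | sed -n "s/.*$pat.*/\3/p")
    # -x simple bind, -W prompt for the bind password (keeps it out of
    # shell history), -b search base, -s scope. The captured values cannot
    # contain single quotes, so single-quoting them protects the
    # parentheses and wildcards that LDAP filters use.
    printf "ldapsearch -x -H '%s' -D '%s' -W -b '%s' -s '%s' '%s'\n" \
        "$LDAP_URI" "$BIND_DN" "$base" "$scope" "$filter"
}

# Sample input: the search line from the debug output quoted in this thread.
sample="(2)  ldap : Performing search in 'o=organitation,cn=telecom' with filter '(uid=usertest)', scope 'sub'"
ldapsearch_from_debug "$sample"
```

Run the printed command from the RADIUS server itself. If the base DN does not exist, or the bind identity is not allowed to read it, ldapsearch reports result code 32 (No such object), the same condition behind the "specified DN wasn't found" error in the debug output.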




