AD Authentication via python module eventually fails

Orestes Leal Rodríguez olealrd1981 at gmail.com
Wed Oct 2 23:39:24 CEST 2019 

Alan,

I mentioned in the other email it was the boss' decision. I cannot do
anything if he doesn't want to do it another way (I suggested go
through ntlm_auth but it was not chosen.

On 10/2/19, Alan Buxey <alan.buxey at gmail.com> wrote:
> hi,
>
> any reason why python is being used at all - not having seen the
> script

The script just import the ldap module, binds to a GC server to
fullfills the authentication requests and return falsoe y the password
is incorrect or the account it's not found, or true if the auth was
correct. We have two backends domains so that was the reason it was
done this way (although I had an alternative doing the same using
ntlm_auth).

not sure why you arent
> just doing everything native in FR ?
>
> alan
>
> On Wed, 2 Oct 2019 at 21:08, Orestes Leal Rodríguez
> <olealrd1981 at gmail.com> wrote:
>>
>> Hi guys,
>>
>> I have a freeradius 3.0.16 (ubuntu 18.04.3) running authenticating
>> users against an AD via ldap binds, I call a module (small python
>> program) that calls the ldap binds, etc. So this module's return value
>> indicates to the freeradius if auth was successful or not. From time
>> to time the server starts to return (maybe a month) auth failures. I
>> believe that this module loading for each auth user makes the server's
>> state change or in general leave it in a unconsistent state. The
>> module is loaded from the 'python' module putting the name of the
>> module's filename. This module is on
>> /usr/lib/python2.7/custom_module.py. This configuration was transfered
>> from another (older freeradius version, ubuntu 16.04) to this new
>> freeradius server. I suggested go through the ntlm_auth route but the
>> IT manager decided to go this route (the module using ldap binds)
>> which it works but we have this problem and the original person that
>> used the module also have. I wonder if anybody can iluminate what's
>> happening at the server state level. To fix this I have to restart the
>> freeradius process and everything start to work again so it's not
>> something on the AD side.  I suspect an 'in-memory' state or something
>> is the cause. Any ideas?
>>
>> Thanks,
>> -
>> List info/subscribe/unsubscribe? See
>> http://www.freeradius.org/list/users.html
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html

More information about the Freeradius-Users mailing list