<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">Hi Ortega,<br>
<br>
With user administrator not worked. look log file<br>
<br>
[ldap] performing user authorization for test
<br>
[ldap] expand:
(&(objectClass=user)(sAMAccountName=%{User-Name})) ->
(&(objectClass=user)(sAMAccountName=test))
<br>
[ldap] expand: dc=batlab,dc=corp -> dc=batlab,dc=corp
<br>
[ldap] ldap_get_conn: Checking Id: 0
<br>
[ldap] ldap_get_conn: Got Id: 0
<br>
[ldap] attempting LDAP reconnection
<br>
[ldap] closing existing LDAP connection
<br>
[ldap] (re)connect to 192.168.0.4:389, authentication 0
<br>
[ldap] bind as /XXXXX to 192.168.0.4:389
<br>
[ldap] waiting for bind result ...
<br>
[ldap] Bind was successful
<br>
[ldap] performing search in dc=batlab,dc=corp, with filter
(&(objectClass=user)(sAMAccountName=test))
<br>
<big> [ldap] ldap_search() failed: Operations error
<br>
[ldap] search failed
</big><br>
[ldap] ldap_release_conn: Release Id: 0
<br>
++[ldap] returns fail<br>
<br>
Any Idea<br>
<br>
Em 06/14/13 03:40, Roberto Ortega Ramiro escreveu:<br>
</div>
<blockquote
cite="mid:CADFe3m9-RaU6biFSH=bPmNBd8_K8LOM1Um5XocUirjhXkhUPjw@mail.gmail.com"
type="cite">Hi, i'm starter here but, the user freeradius in your
ldap must be able to read user's passwords.
<div><br>
</div>
<div>Try with administrator in /etc/raddb/modules/ldap and if it
works, the user freeradius won't has rigths for this.</div>
<div><br>
</div>
<div>By <span></span><br>
<br>
El viernes, 14 de junio de 2013, ricardobarbosams escribió:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">Hi.<br>
<br>
Executing ldapsearch with user freeradius<br>
<br>
root@maxwell:~# ldapsearch -LLL -x -h 192.168.0.4 -b
"dc=batlab,dc=corp" -D "CN=freeradius,OU=noc,OU=batlab,DC=batlab,DC=corp"
-W "(sAMAccountName=administrator)" cn<br>
Enter LDAP Password:<br>
dn: CN=Administrator,CN=Users,DC=batlab,DC=corp<br>
cn: Administrator<br>
<br>
<br>
Its Works.<br>
<br>
Regards.<br>
<br>
Em 06/13/13 03:37, Iliya Peregoudov escreveu:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
On 12.06.2013 4:19, ricardobarbosams wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
No my filter is<br>
<br>
filter = "(&(objectClass=user)(sAMAccountName=%{User-Name}))"<br>
</blockquote>
<br>
I do not talk about filter, I do talk about binding to the
directory. Your ldapsearch binds to the directory using one
user and your radiusd binds to directory as another user.
These users can have different authorization levels in the
directory server. Directory may allow to retrieve objects to
<a class="moz-txt-link-abbreviated" href="mailto:user2@batlab.corp">user2@batlab.corp</a> user but disallow it to
CN=freeradius,OU=noc,OU=batlab,DC=batlab,DC=corp user.<br>
<br>
Configure radiusd to use the <a class="moz-txt-link-abbreviated" href="mailto:user2@batlab.corp">user2@batlab.corp</a> user to bind
to the directory and you'll get same results as with
ldapsearch.<br>
-<br>
List info/subscribe/unsubscribe? See <a
moz-do-not-send="true"
href="http://www.freeradius.org/list/users.html"
target="_blank">http://www.freeradius.org/list/users.html</a><br>
<br>
</blockquote>
<br>
-<br>
List info/subscribe/unsubscribe? See <a
moz-do-not-send="true"
href="http://www.freeradius.org/list/users.html"
target="_blank">http://www.freeradius.org/list/users.html</a><br>
</blockquote>
</div>
<br>
<br>
-- <br>
<div dir="ltr"><span style="font-family:arial;font-size:small">-- </span><br
style="font-family:arial;font-size:small">
<span style="font-family:arial;font-size:small">Un saludo.</span><br
style="font-family:arial;font-size:small">
<span style="font-family:arial;font-size:small">____________________</span><br
style="font-family:arial;font-size:small">
<br style="font-family:arial;font-size:small">
<span style="font-family:arial;font-size:small">Roberto Ortega</span><br
style="font-family:arial;font-size:small">
<span style="font-family:arial;font-size:small">Profesor de
Informática.</span><br
style="font-family:arial;font-size:small">
<a moz-do-not-send="true" href="http://www.proyectoret.es/"
style="color:rgb(17,85,204);font-family:arial;font-size:small"
target="_blank">http://www.proyectoret.es</a><br
style="font-family:arial;font-size:small">
<br style="font-family:arial;font-size:small">
<span style="font-family:arial;font-size:small">Escuelas San
José Valencia</span><br
style="font-family:arial;font-size:small">
<span style="font-family:arial;font-size:small">Avd.Cortes
Valencianas nº1</span><br
style="font-family:arial;font-size:small">
<span style="font-family:arial;font-size:small">46015 Valencia</span><br
style="font-family:arial;font-size:small">
<span style="font-family:arial;font-size:small">R4600489A</span><br
style="font-family:arial;font-size:small">
<span style="font-family:arial;font-size:small">Tf:963499011
ext. 262</span><br style="font-family:arial;font-size:small">
<span style="font-family:arial;font-size:small">Fax:963488835</span><br
style="font-family:arial;font-size:small">
<a moz-do-not-send="true" href="http://www.escuelassj.com/"
style="color:rgb(17,85,204);font-family:arial;font-size:small"
target="_blank">http://www.escuelassj.com</a><br
style="font-family:arial;font-size:small">
<br style="font-family:arial;font-size:small">
<span style="font-family:arial;font-size:small">No imprimas este
correo si no es necesario. Protejamos el medio ambiente.</span><br>
</div>
<br>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">-
List info/subscribe/unsubscribe? See <a class="moz-txt-link-freetext" href="http://www.freeradius.org/list/users.html">http://www.freeradius.org/list/users.html</a></pre>
</blockquote>
<br>
</body>
</html>