Sorry I had to reboot after I uncommented them sections. +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = "aschappell", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] No EAP-Message, not doing EAP ++[eap] returns noop ++[files] returns noop [sql] expand: %{User-Name} -> aschappell [sql] sql_set_user escaped user --> 'aschappell' rlm_sql (sql): Reserving sql socket id: 4 [sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'aschappell' ORDER BY id [sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'aschappell' ORDER BY priority rlm_sql (sql): Released sql socket id: 4 [sql] User aschappell not found ++[sql] returns notfound [ldap] performing user authorization for aschappell [ldap] expand: %{Stripped-User-Name} -> [ldap] ... expanding second conditional [ldap] expand: %{User-Name} -> aschappell [ldap] expand: (uid=%{%{Stripped-User-Name}:-%{User-Name}}) -> (uid=aschappell) [ldap] expand: dc=corp,dc=clearedge,dc=com -> dc=corp,dc=clearedge,dc=com [ldap] ldap_get_conn: Checking Id: 0 [ldap] ldap_get_conn: Got Id: 0 [ldap] attempting LDAP reconnection [ldap] (re)connect to corp.clearedgeit.com:389, authentication 0 [ldap] bind as cn=Adam L. Schappell,ou=Domain Admins,ou=Users,ou=Jessup,ou=ClearEdge,dc=corp,dc=clearedge,dc=com/Schappell##113 to corp.clearedgeit.com:389 [ldap] waiting for bind result ... [ldap] LDAP login failed: check identity, password settings in ldap section of radiusd.conf [ldap] (re)connection attempt failed [ldap] search failed [ldap] ldap_release_conn: Release Id: 0 ++[ldap] returns fail Using Post-Auth-Type Reject # Executing group from file /etc/raddb/sites-enabled/default +- entering group REJECT {...} [attr_filter.access_reject] expand: %{User-Name} -> aschappell attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Delaying reject of request 5 for 1 seconds Going to the next request Waking up in 0.9 seconds. Sending delayed reject for request 5 Sending Access-Reject of id 145 to 127.0.0.1 port 41581 Waking up in 4.9 seconds. Cleaning up request 5 ID 145 with timestamp +210 Ready to process requests. Adam Schappell System Administrator II Clearedge IT Solutions, LLC 10620 Guilford Road Jessup, MD 20794 Office:443-212-4712 Fax:443-212-4809 www.ClearEdgeIT.com <http://www.clearedgeit.com/> On Fri, Mar 27, 2015 at 1:57 PM, Alan DeKok <aland@deployingradius.com> wrote:
On Mar 27, 2015, at 12:44 PM, Adam Schappell <aschappell@clearedgeit.com> wrote:
[ldap] ldap_search() failed: Operations error
In v2, read raddb/modules/ldap. Look for “operations error”.
If that text isn’t there, upgrade to 2.2.6.
Alan DeKok.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html