both accounts are read only administrators..... both have bind rights, both accounts are being used in other places for LDAP authentication. I am following everyones instructions, here is a recap since I came here for help. problem 1 needed help with LDAP and SHA512, resolution not supported on version 2.x and goto version 3.x problem 2 went to version 3.0.11, had an issue with /dev/urandom, resolution was told there was a bug and pushed a fix goto 3.1.0 problem 3 told to change auth order in default fie, posted radiusd -X out put and config, resolution none problem 4 went to version 3.1.0, for unknow_error message with /dev/urandom, and fixed an issue on the OS side regrading gnutls and openssl as Ubuntu and Debian both seem to be baking gnutls into their latest brews. Now that the freeradius server I have had to build from source can connect over SSL, I am back to the same problem I can not authenticate a user on LDAP. resolution being told I can not follow instructions Where have I not followed instruction, I have made several course correction with shrewd comments and that is fine it gets the problem fixed, however the problem is not fixed and I am still having the issue of not being able to authenticate a users password with all the documentation and instruction I have received. So far since being told to only modify the LDAP configure and change the order of the default file I have edited on my LDAP information. Seemed to make sense at the time as I want to authenticate users against my LDAP server like the rest of the services. Seeing how this LDAP system is working on all my systems in various forms and I am using the same user account to bind, what is so different with this setup? Secondly if it isn't rocket science then you should be able to explain it to anyone, especially since all the modification, which have been minimal were direct by people from your group and by group I am referring to people with @deployingradius.com individuals. I am not trying to be rude and I have been reading all the documentation I can get my hands on, however I am still stuck. Coming to the e-mail threads has been a last resort of sorts. As this project started I never planned to build from source or need to do a git pull request to get things working smoothly, but here we are. I am just asking for help. On Tue, Feb 2, 2016 at 1:04 PM, Alan DeKok <aland@deployingradius.com> wrote:
On Feb 2, 2016, at 3:58 PM, Will W. <will@damagesinc.net> wrote:
LDAP server is already service up for VPN access and all users
authenticate
but to clarifiy both user accounts are identical other than username. The only difference I can see is that the bind-user is the user account that is binding the freeradius server to LDAP. So the bind user can look himself up isn’t really a win as none of the other users in the system can be authenticated.
<sigh>
You were told to configure a read-only administrator account. That account should have permissions to read everyones passwords. Then, FreeRADIUS should be configured to use that account when binding to LDAP.
The majority of problems you're running into are because you fail to follow instructions.
It's not complicated. You're making it complicated. You're trying all kinds of different things, essentially randomly. When instead, following the instructions would have gotten this solved a LONG time ago.
It's time to stop asking questions, and to start following instructions. If you don't care enough to follow instructions, we can help you by unsubscribing you from the list. We don't have any interest in helping people who waste everyones time.
Alan DeKok.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html