Laurence Mayer wrote:
The binding currently is happening by root and is successful.
Yet it returns *no* information. Normally, the "bind as root" returns the user's "known good" password. This hasn't happened here.
The second phase (authenticate) by the end user does not succeed.
The "bind as user" fails. Debug output shows this.
I am trying to understand why despite the binding happening by root, the user cannot authenticate.
Because the credentials are invalid. ...
rad_recv: Access-Request packet from host 172.16.16.55:34583, id=49, length=60 User-Name = "laurence" User-Password = "xxxx"
It has a packet with a password.
NAS-IP-Address = 255.255.255.255
rlm_ldap: bind as cn=root,dc=istraresearch,dc=com/xxxx to 127.0.0.1:389 rlm_ldap: waiting for bind result ... rlm_ldap: Bind was successful rlm_ldap: performing search in ou=People,dc=istraresearch,dc=com, with filter (&(objectClass=inetOrgPerson)(uid=laurence)) rlm_ldap: looking for check items in directory... rlm_ldap: looking for reply items in directory...
And nothing was returned. i.e. the user exists, but nothing more.
rlm_ldap: bind as cn=Laurence Mayer,ou=people,dc=istraresearch,dc=com/xxxx to 127.0.0.1:389 rlm_ldap: waiting for bind result ... rlm_ldap: Bind failed with invalid credentials
That's pretty definitive. His credentials are invalid. The LDAP server says so. Alan DeKok.