Our Novell experts have looked into the LDAP database and found that the affected accounts do indeed have the sasDefaultLoginSequence attribute, in fact only a handful of accounts have it. They are testing now. I will let you all know what happens. --------------- Barry Dean Networks Team -----Original Message----- From: freeradius-users-bounces@lists.freeradius.org [mailto:freeradius-users-bounces@lists.freeradius.org] On Behalf Of Alan DeKok Sent: 09 November 2007 15:11 To: FreeRadius users mailing list Subject: Re: Some users can't login after upgrade! Dean, Barry wrote:
The debug output (private data masked) can be picked up from:
Version 1.1.4 (Works): http://pcwww.liv.ac.uk/~bvd/radius/114.txt Version 1.1.7 (Broken): http://pcwww.liv.ac.uk/~bvd/radius/117.txt
They are reasonably long so I did not want to post them as a long email!
My reading of them indicates that the eDirectory returns a "NOT OK" to 1.1.7 and an "OK" to 1.1.4 for the same user account!
Novell contributed a patch to allow changing the eDirectory NMAS authentication option. In the source, they look for "<No Default>". In the debug logs you provide, eDirectory returns "------No default------". Try changinging "sasDefaultLoginSequence" to "<No Default>" for the user. In short, the Novell patch doesn't seem to agree with the behavior of Novell's eDirectory server. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html