Well… based on that log output.
(633) group { (633) redundant { rlm_ldap (ldap_personel): Closing connection (10): Hit idle_timeout, was idle for 53546 seconds rlm_ldap (ldap_personel): Closing connection (12): Hit idle_timeout, was idle for 53529 seconds rlm_ldap (ldap_personel): Closing connection (11): Hit idle_timeout, was idle for 53522 seconds rlm_ldap (ldap_personel): You probably need to lower "min" rlm_ldap (ldap_personel): Closing connection (13): Hit idle_timeout, was idle for 53521 seconds rlm_ldap (ldap_personel): You probably need to lower "min" rlm_ldap (ldap_personel): 0 of 0 connections in use. You may need to increase "spare" rlm_ldap (ldap_personel): Opening additional connection (14), 1 of 32 pending slots used rlm_ldap (ldap_personel): Connecting to ldap://95.183.213.8:389 rlm_ldap (ldap_personel): Waiting for bind result... rlm_ldap (ldap_personel): Bind successful rlm_ldap (ldap_personel): Reserved connection (14) (633) ldap_personel: EXPAND (&(email=%{User-Name})(objectClass=kPerson)) (633) ldap_personel: --> (&(email=ogr1@erzurum.edu.tr )(objectClass=kPerson)) (633) ldap_personel: Performing search in "cn=personel,dc=etu" with filter "(&(email=ogr1@erzurum.edu.tr)(objectClass=kPerson))", scope "sub" (633) ldap_personel: Waiting for search result... (633) ldap_personel: Search returned no results rlm_ldap (ldap_personel): Released connection (14) Need 1 more connections to reach min connections (2) rlm_ldap (ldap_personel): Opening additional connection (15), 1 of 31 pending slots used rlm_ldap (ldap_personel): Connecting to ldap://95.183.213.8:389 rlm_ldap (ldap_personel): Waiting for bind result... rlm_ldap (ldap_personel): Bind successful (633) [ldap_personel] = notfound (633) } # redundant = notfound
The “redundant{}” is working as well. Therefore, your LDAP query is replying not found.
(633) Invalid user (Auth Source Reject: [ogr1@erzurum.edu.tr] No matching user found in authentication source!): [ogr1@erzurum.edu.tr] (from client rektorluk port 0 cli 3233fb9fb6d3 via TLS tunnel) Called-Station-ID: a8bd27c04dac Calling-Station-ID: 3233fb9fb6d3 Auth-Type:
Well, the “invalid user”, so…..
(633) update outer.session-state { (633) &Module-Failure-Message := &request:Module-Failure-Message -> 'Auth Source Reject: [ogr1@erzurum.edu.tr] No matching user found in authentication source!' (633) } # update outer.session-state = noop
Any idea why "redundant" behaves different in the inner-tunnel or what am I missing?
Again, the “redundant{}” is working as well. Please, take a look again at the logs and you will see that the error messages are pretty clear: “No matching user found" — Jorge Pereira
Regards,
Rahman Duran - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Jorge Pereira jpereira@networkradius.com