Thank you. That is the understanding I was missing and looking for. Laurence Alan DeKok wrote:
Laurence Mayer wrote:
The binding currently is happening by root and is successful.
Yet it returns *no* information. Normally, the "bind as root" returns the user's "known good" password. This hasn't happened here.
The second phase (authenticate) by the end user does not succeed.
The "bind as user" fails. Debug output shows this.
I am trying to understand why despite the binding happening by root, the user cannot authenticate.
Because the credentials are invalid. ...
rad_recv: Access-Request packet from host 172.16.16.55:34583, id=49, length=60 User-Name = "laurence" User-Password = "xxxx"
It has a packet with a password.
NAS-IP-Address = 255.255.255.255
rlm_ldap: bind as cn=root,dc=istraresearch,dc=com/xxxx to 127.0.0.1:389 rlm_ldap: waiting for bind result ... rlm_ldap: Bind was successful rlm_ldap: performing search in ou=People,dc=istraresearch,dc=com, with filter (&(objectClass=inetOrgPerson)(uid=laurence)) rlm_ldap: looking for check items in directory... rlm_ldap: looking for reply items in directory...
And nothing was returned. i.e. the user exists, but nothing more.
rlm_ldap: bind as cn=Laurence Mayer,ou=people,dc=istraresearch,dc=com/xxxx to 127.0.0.1:389 rlm_ldap: waiting for bind result ... rlm_ldap: Bind failed with invalid credentials
That's pretty definitive. His credentials are invalid. The LDAP server says so.
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- -------------------------- Laurence Mayer Director of Operations & IT Istra Research Ltd. Tel: +972545233107 Fax: +972722765124