Hello, I am configuring freeradius to use openldap-backend for authentication. My setup runs on an embedded system built with Yoctoproject. To test my setup I run radtest from ubuntu image. From the debuggin messages of the FR I can see that LDAP back-end is in use but it always complains about invalid credentials: ... Found Auth-Type = LDAP # Executing group from file /etc/raddb/sites-enabled/default +- entering group LDAP {...} [ldap] login attempt by "john" with password "?=K?)J��???Q$?��" [ldap] user DN: uid=john,ou=People,dc=my-domain,dc=com [ldap] (re)connect to 192.168.122.158:389, authentication 1 [ldap] bind as uid=john,ou=People,dc=my-domain,dc=com/?=K?)J��???Q$?�� to 192.168.122.158:389 [ldap] waiting for bind result ... [ldap] Bind failed with invalid credentials ++[ldap] returns reject ... (Notice, password looks wierd!) I belive that my configurations are correct, because when I setup FR on ubuntu to use LDAP from my embedded image, authentication passes successfully. The password is visible in clear text The FR in ubuntu and in my embedded image are compiled with --enable-developer flag. Can there be some limitation in my embedded environment that causes such behaviour? For example, busybox? Kind Regards, Petr
On 19 Nov 2013, at 10:02, petr@baranov.fi wrote:
(Notice, password looks wierd!)
You probably have an incorrect shared secret somewhere - freeradius should log a warning (if you look at the rest of the debug log) like: Unprintable characters in the password. Double-check the shared secret on the server and the NAS! Regards, Adam Bishop gpg: 0x6609D460 Janet, the UK's research and education network. Janet(UK) is a trading name of Jisc Collections and Janet Limited, a not-for-profit company which is registered in England under No. 2881024 and whose Registered Office is at Lumen House, Library Avenue, Harwell Oxford, Didcot, Oxfordshire. OX11 0SG. VAT No. 614944238
participants (3)
-
Adam Bishop -
petr@baranov.fi -
Phil Mayers