Freeradius - LDAP Authentication

Kris Benson kbenson at sd57.bc.ca
Wed Aug 10 17:23:39 CEST 2005


FreeRadius users mailing list <freeradius-users at lists.freeradius.org> on
August 10, 2005 at 05:34 -0800 wrote:
>Kris,
>
>Aug 10 07:06:21 2005 : Debug: rlm_ldap: bind as
>uid=sbarnes,ou=people,o=marymount.edu.o=marymount.edu/cortina to
>info.marymount.edu:389
>Wed Aug 10 07:06:21 2005 : Error: rlm_ldap:
>uid=sbarnes,ou=people,o=marymount.edu.o=marymount.edu bind to
>info.marymount.edu:389 failed: Can't contact LDAP server
>
>Even tried authentication to the backup LDAP server. Is there any way to
>test the ldap module by hand as it were?

I think I'm at the end of my abilities here, but will make a couple more
comments.

First off, I'm nowhere near being an LDAP pro, but what's up with the
"o=marymount.edu.o=marymount.edu" ?  There are two things that stick out
to me here -- first off, the '.' between the elements... I'm used to
seeing a comma.  Second, the duplication of the o=.  Do you *really* have
a child element named the same as its parent?

I'm sorry I can't be of more assistance... but if ldapsearch works with
the same binding credentials as FreeRadius (n.b. bind as the *user*
"sbarnes" *not* as admin), then the issue looks to be something with the
way FreeRadius & the Sun software interact.

Is there, by chance, a policy restricting number of connections per minute
on the Sun server?  FreeRadius likes to connect at least twice in the
authentication process -- once to search the directory, again to bind as
the user it found.

-kb
--
Kris Benson, CCP, I.S.P.
Technical Analyst, District Projects
School District #57 (Prince George)
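
A small linter for the two bind-DN oddities raised above (the '.' between elements and the repeated o=), added here as an example; it is not part of the original message or of FreeRADIUS. The log-line shape, the choice to treat the text after the last '/' as a secret and discard it, and the sample lines are assumptions constructed for this example.

```python
import re

# Assumed line shape: "rlm_ldap: bind as <dn>/<secret> to <host>:<port>".
BIND_RE = re.compile(r"rlm_ldap: bind as (?P<dn>.+)/[^/\s]* to (?P<host>[^\s:]+):\d+")
# Heuristic: ".attr=" inside a value looks like two RDNs joined by '.' instead of ','.
DOT_JOIN_RE = re.compile(r"(?<!\\)\.([A-Za-z][A-Za-z0-9-]*)=")

def split_rdns(dn):
    """Split a DN on commas that are not backslash-escaped."""
    parts, cur, escaped = [], "", False
    for ch in dn:
        if escaped or ch != ",":
            cur += ch
            escaped = (ch == "\\") and not escaped
        else:
            parts.append(cur.strip())
            cur = ""
    parts.append(cur.strip())
    return parts

def lint_dn(dn):
    """Return a list of human-readable findings for one bind DN."""
    findings = []
    for rdn in split_rdns(dn):
        attr, sep, value = rdn.partition("=")
        if not (sep and attr.strip() and value.strip()):
            findings.append(f"malformed RDN {rdn!r}")
        for m in DOT_JOIN_RE.finditer(value):
            findings.append(f"'.' before '{m.group(1)}=' in {attr} value, expected ','")
    # Re-split with the suspect dots turned into commas, then look for repeats.
    rdns = [r.lower() for r in split_rdns(DOT_JOIN_RE.sub(r",\1=", dn))]
    for a, b in zip(rdns, rdns[1:]):
        if a == b:
            findings.append(f"RDN {a!r} repeated directly under itself")
    return findings

def check_log(lines):
    """Return (dn, host, findings) per bind line; the secret is never returned."""
    hits = (BIND_RE.search(line) for line in lines)
    return [(m["dn"], m["host"], lint_dn(m["dn"])) for m in hits if m]

# Constructed sample lines (not from a real server).
SAMPLE_LOG = [
    "Debug: rlm_ldap: bind as uid=jdoe,ou=people,o=example.edu.o=example.edu/not-a-real-secret to ldap.example.edu:389",
    "Debug: rlm_ldap: bind as uid=j.doe,ou=people,o=example.edu/not-a-real-secret to ldap.example.edu:389",
]
if __name__ == "__main__":
    for dn, host, findings in check_log(SAMPLE_LOG):
        print(host, dn, findings or "ok")
```

A DN flagged here can still be syntactically legal, so a finding is a prompt to compare the DN against the directory tree, not proof of a misconfiguration.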



