Freeradius - LDAP Authentication

Simon Barnes simon.barnes at marymount.edu
Wed Aug 10 20:17:44 CEST 2005


Hi Kris,

Thanks for your input.

>I think I'm at the end of my abilities here, but will make a couple more
>comments.

>First off, I'm nowhere near being an LDAP pro, but what's up with the
>"o=mayrmount.edu.o=marymount.edu" ?  There are two things that stick out
>to me here -- first off, the '.' between the elements... I'm used to
>seeing a comma.  Second, the duplication of the o=.  Do you *really* have
>a child element named the same as its parent?

We do indeed have a child with the same name as the parent, and they both
have "." in them. Fun, hey.

>I'm sorry I can't be of more assistance... but if ldapsearch works with
>the same binding credentials as FreeRadius (n.b. bind as the *user*
>"sbarnes" *not* as admin), then the issue looks to be something with the
>way FreeRadius & the Sun software interact.

I'll try and investigate to see if there are differences between the Sun and
openldap and how they interact with freeradius.

Anyone else out there with SUN directory server / iplanet?

>Is there, by chance, a policy restricting number of connections per minute
>on the Sun server?  FreeRadius likes to connect at least twice in the
>authentication process -- once to search the directory, again to bind as
>the user it found.

As far as I know there is no policy restricting access requests per minute,
but I will check.

Simon Barnes




