FreeRadius cannot Authenticate to Windows AD
Norbert Wegener
nw at sbs.de
Mon Dec 19 13:55:19 CET 2005
A little modification of that patch seems to be necessary, as the patch
applies, but compiling fails:
Compiling this patch gives:
rlm_ldap.c: In function `ldap_groupcmp':
rlm_ldap.c:879: warning: initialization discards qualifiers from pointer target type
rlm_ldap.c:1010: warning: comparison between signed and unsigned
rlm_ldap.c: In function `ldap_xlat':
rlm_ldap.c:1135: warning: comparison between signed and unsigned
rlm_ldap.c: In function `ldap_authenticate':
rlm_ldap.c:1625: warning: initialization discards qualifiers from pointer target type
rlm_ldap.c: In function `ldap_rebind':
rlm_ldap.c:1924: error: `dn' undeclared (first use in this function)
rlm_ldap.c:1924: error: (Each undeclared identifier is reported only once
rlm_ldap.c:1924: error: for each function it appears in.)
rlm_ldap.c:1924: error: `passwd' undeclared (first use in this function)
rlm_ldap.c: In function `ldap_connect':
rlm_ldap.c:2009: warning: implicit declaration of function `ldap_int_tls_config'
rlm_ldap.c: In function `ldap_rebind':
rlm_ldap.c:1920: warning: unused parameter `request'
rlm_ldap.c:1920: warning: unused parameter `msgid'
rlm_ldap.c:1920: warning: unused parameter `params'
rlm_ldap.c: In function `ldap_groupcmp':
rlm_ldap.c:870: warning: unused parameter `request'
rlm_ldap.c:871: warning: unused parameter `check_pairs'
rlm_ldap.c:871: warning: unused parameter `reply_pairs'
gmake[6]: *** [rlm_ldap.o] Error 1
gmake[6]: Leaving directory `/home/radius/freeradius-1.0.5/src/modules/rlm_ldap'
gmake[5]: *** [common] Error 2
gmake[5]: Leaving directory `/home/radius/freeradius-1.0.5/src/modules'
gmake[4]: *** [all] Error 2
gmake[4]: Leaving directory `/home/radius/freeradius-1.0.5/src/modules'
gmake[3]: *** [common] Error 2
gmake[3]: Leaving directory `/home/radius/freeradius-1.0.5/src'
gmake[2]: *** [all] Error 2
gmake[2]: Leaving directory `/home/radius/freeradius-1.0.5/src'
gmake[1]: *** [common] Error 2
gmake[1]: Leaving directory `/home/radius/freeradius-1.0.5'
make: *** [all] Error 2
diff -Nru rlm_ldap.patch.org rlm_ldap.patch
--- rlm_ldap.patch.org 2005-12-19 13:45:03.000000000 +0100
+++ rlm_ldap.patch 2005-12-19 13:18:21.000000000 +0100
@@ -34,7 +34,7 @@
+{
+ if (DN != NULL && PASSWD != NULL){
+ DEBUG("rlm_ldap: rebind to URL: %s",url);
-+ return ldap_bind_s( ld, dn, passwd, LDAP_AUTH_SIMPLE);
++ return ldap_bind_s( ld, DN, PASSWD, LDAP_AUTH_SIMPLE);
+ }
+}
+
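Review bot: In the ldap_rebind body this hunk touches, the only return sits inside `if (DN != NULL && PASSWD != NULL)`, so when either value is NULL the function falls off the end without returning a value; add an explicit return after the if block so the caller always sees a defined LDAP result code. The build log above also reports `request`, `msgid` and `params` as unused in ldap_rebind, and DN and PASSWD are not declared anywhere in the visible lines, so a comment saying where they are set and whether they are shared across connections would help. Because the callback sends the bind DN and password with LDAP_AUTH_SIMPLE to whatever `url` the referral names, consider checking `url` against the expected servers before binding.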
With the above changes rlm_ldap.c compiles and runs (at least for me).
Will the patch mentioned at
http://bugs.freeradius.org/show_bug.cgi?id=183 become part of the next
official release?
Norbert Wegener
Alan DeKok wrote:
> In addition to Dusty's comments:
>
> Michael Calizo <mike.calizo at gmail.com> wrote:
>
>> rlm_ldap: ldap_search() failed: Operations error
>>
>
> http://bugs.freeradius.org/show_bug.cgi?id=183
>
> You're running into two issues:
>
> - the OpenLDAP client libraries don't use the
> authentication credentials they're given when following references.
>
> - Active Directory is following references because your domain
> controller has two domains, and the user isn't found in one, so it's
> being referred to the other domain.
>
> The patch might help, but your LDAP queries should be made more
> specific.
>
> Alan DeKok.