Some users can't login after upgrade!
Dean, Barry
B.Dean at liverpool.ac.uk
Tue Nov 13 10:31:18 CET 2007
Our Novell experts have looked into the LDAP database and found that the affected accounts do indeed have the sasDefaultLoginSequence attribute, in fact only a handful of accounts have it.
They are testing now. I will let you all know what happens.
---------------
Barry Dean
Networks Team
-----Original Message-----
From: freeradius-users-bounces at lists.freeradius.org [mailto:freeradius-users-bounces at lists.freeradius.org] On Behalf Of Alan DeKok
Sent: 09 November 2007 15:11
To: FreeRadius users mailing list
Subject: Re: Some users can't login after upgrade!
Dean, Barry wrote:
> The debug output (private data masked) can be picked up from:
>
> Version 1.1.4 (Works): http://pcwww.liv.ac.uk/~bvd/radius/114.txt
> Version 1.1.7 (Broken): http://pcwww.liv.ac.uk/~bvd/radius/117.txt
>
> They are reasonably long so I did not want to post them as a long email!
>
> My reading of them indicates that the eDirectory returns a "NOT OK" to 1.1.7 and an "OK" to 1.1.4 for the
> same user account!
Novell contributed a patch to allow changing the eDirectory NMAS
authentication option. In the source, they look for "<No Default>". In
the debug logs you provide, eDirectory returns "------No default------".
Try changinging "sasDefaultLoginSequence" to "<No Default>" for the user.
In short, the Novell patch doesn't seem to agree with the behavior of
Novell's eDirectory server.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list