Radius --> Openldap auth: Failed to validate the user

A.L.M.Buxey at lboro.ac.uk A.L.M.Buxey at lboro.ac.uk
Sun Aug 31 16:22:04 CEST 2008


Hi,

> As user laurence I am able to search, so the root now binds, however  
> laurence does not authenticate. I am able to connect via ssh via ldap  
> server etc.

and the debug log shows....

> auth: type "LDAP"
>   Processing the authenticate section of radiusd.conf
> modcall: entering group LDAP for request 0
> rlm_ldap: - authenticate
> rlm_ldap: login attempt by "laurence" with password "xxxx"
> rlm_ldap: user DN: cn=Laurence Mayer,ou=people,dc=istraresearch,dc=com
> rlm_ldap: (re)connect to 127.0.0.1:389, authentication 1
> rlm_ldap: could not set LDAP_OPT_X_TLS_REQUIRE_CERT option to allow
> rlm_ldap: bind as cn=Laurence  
> Mayer,ou=people,dc=istraresearch,dc=com/xxxx to 127.0.0.1:389
> rlm_ldap: waiting for bind result ...
> rlm_ldap: Bind failed with invalid credentials
>   modcall[authenticate]: module "ldap" returns reject for request 0
> modcall: leaving group LDAP (returns reject) for request 0
> auth: Failed to validate the user.

thats fairly obvious. this auth is still binding as cn=Laurence.....
and unable to. change this binding operation to some level that can.
reason why this part fails is this bind for authenticate
is asking for some more sensitive details (password!) whereas
the authorize is just doing a value/check comparison to see
if they are allowed to the resources.

alan



More information about the Freeradius-Users mailing list