Radius --> Openldap auth: Failed to validate the user

Laurence Mayer laurence at istraresearch.com
Mon Sep 1 09:27:13 CEST 2008


If I understand this correctly, each user who would like to 
authenticated would require those access rights and not only laurence?


What would the access list look like?

Thanks in advance

Laurence



A.L.M.Buxey at lboro.ac.uk wrote:
> Hi,
> 
>> As user laurence I am able to search, so the root now binds, however  
>> laurence does not authenticate. I am able to connect via ssh via ldap  
>> server etc.
> 
> and the debug log shows....
> 
>> auth: type "LDAP"
>>   Processing the authenticate section of radiusd.conf
>> modcall: entering group LDAP for request 0
>> rlm_ldap: - authenticate
>> rlm_ldap: login attempt by "laurence" with password "xxxx"
>> rlm_ldap: user DN: cn=Laurence Mayer,ou=people,dc=istraresearch,dc=com
>> rlm_ldap: (re)connect to 127.0.0.1:389, authentication 1
>> rlm_ldap: could not set LDAP_OPT_X_TLS_REQUIRE_CERT option to allow
>> rlm_ldap: bind as cn=Laurence  
>> Mayer,ou=people,dc=istraresearch,dc=com/xxxx to 127.0.0.1:389
>> rlm_ldap: waiting for bind result ...
>> rlm_ldap: Bind failed with invalid credentials
>>   modcall[authenticate]: module "ldap" returns reject for request 0
>> modcall: leaving group LDAP (returns reject) for request 0
>> auth: Failed to validate the user.
> 
> thats fairly obvious. this auth is still binding as cn=Laurence.....
> and unable to. change this binding operation to some level that can.
> reason why this part fails is this bind for authenticate
> is asking for some more sensitive details (password!) whereas
> the authorize is just doing a value/check comparison to see
> if they are allowed to the resources.
> 
> alan
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html




More information about the Freeradius-Users mailing list