Radius --> Openldap auth: Failed to validate the user
Alan DeKok
aland at deployingradius.com
Mon Sep 1 10:20:15 CEST 2008
Laurence Mayer wrote:
> The binding currently is happening by root and is successful.

Yet it returns *no* information. Normally, the "bind as root" returns
the user's "known good" password. This hasn't happened here.

> The second phase (authenticate) by the end user does not succeed.

The "bind as user" fails. Debug output shows this.

> I am trying to understand why despite the binding happening by root, the
> user cannot authenticate.

Because the credentials are invalid.

...
> rad_recv: Access-Request packet from host 172.16.16.55:34583, id=49,
> length=60
> User-Name = "laurence"
> User-Password = "xxxx"

It has a packet with a password.

> NAS-IP-Address = 255.255.255.255
> rlm_ldap: bind as cn=root,dc=istraresearch,dc=com/xxxx to 127.0.0.1:389
> rlm_ldap: waiting for bind result ...
> rlm_ldap: Bind was successful
> rlm_ldap: performing search in ou=People,dc=istraresearch,dc=com, with
> filter (&(objectClass=inetOrgPerson)(uid=laurence))
> rlm_ldap: looking for check items in directory...
> rlm_ldap: looking for reply items in directory...

And nothing was returned. i.e. the user exists, but nothing more.

> rlm_ldap: bind as cn=Laurence
> Mayer,ou=people,dc=istraresearch,dc=com/xxxx to 127.0.0.1:389
> rlm_ldap: waiting for bind result ...
> rlm_ldap: Bind failed with invalid credentials

That's pretty definitive. His credentials are invalid. The LDAP
server says so.

Alan DeKok.
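
Added example, not part of the original message and not FreeRADIUS code: a small Python triage of rlm_ldap debug lines like the ones quoted in this thread, which records each bind and its result, counts check items returned by the search, and redacts the password that the debug output prints after the bind DN. The sample log is constructed (example DNs and password, mail line-wrapping undone), the function names are hypothetical, and it assumes that any line between the "check items" and "reply items" markers is a returned item and that the DN contains no "/".

```python
import re

# Constructed sample modelled on the debug lines in the thread (not a real capture).
SAMPLE = """\
rlm_ldap: bind as cn=root,dc=example,dc=com/s3cret to 127.0.0.1:389
rlm_ldap: waiting for bind result ...
rlm_ldap: Bind was successful
rlm_ldap: performing search in ou=People,dc=example,dc=com, with filter (&(objectClass=inetOrgPerson)(uid=alice))
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: bind as cn=Alice Example,ou=people,dc=example,dc=com/s3cret to 127.0.0.1:389
rlm_ldap: waiting for bind result ...
rlm_ldap: Bind failed with invalid credentials
"""

# "bind as <DN>/<password> to <host:port>"; assumes the DN itself has no "/".
BIND = re.compile(r"rlm_ldap: bind as (?P<dn>[^/]+)/(?P<pw>.*) to (?P<host>\S+)$")

def triage(log):
    """Collect bind attempts, count check items, and redact bind passwords."""
    binds, out, check_items, in_check = [], [], 0, False
    for line in log.splitlines():
        m = BIND.search(line)
        if m:
            in_check = False
            binds.append({"dn": m["dn"], "host": m["host"], "result": None})
            line = line[:m.start("pw")] + "<redacted>" + line[m.end("pw"):]
        elif binds and "Bind was successful" in line:
            binds[-1]["result"] = "ok"
        elif binds and "Bind failed with " in line:
            binds[-1]["result"] = line.split("Bind failed with ", 1)[1]
        elif "looking for check items" in line:
            in_check = True
        elif "looking for reply items" in line:
            in_check = False
        elif in_check:
            check_items += 1  # assumption: anything listed here is a check item
        out.append(line)
    return {"binds": binds, "check_items": check_items, "redacted": "\n".join(out)}

def diagnose(report):
    """Turn the parsed report into the findings a reviewer would read off the log."""
    findings = []
    if report["check_items"] == 0:
        findings.append("search returned no check items (no known-good password)")
    for b in report["binds"]:
        if b["result"] not in ("ok", None):
            findings.append(f"bind as {b['dn']} failed: {b['result']}")
    return findings
```

Share only the `redacted` text when posting debug output; the raw bind lines carry the password in clear.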