Radius --> Openldap auth: Failed to validate the user
Laurence Mayer
laurence at istraresearch.com
Mon Sep 1 11:01:33 CEST 2008
Thank you. That is the understanding I was missing and looking for.
Laurence
Alan DeKok wrote:
> Laurence Mayer wrote:
>> The binding currently is happening by root and is successful.
>
> Yet it returns *no* information. Normally, the "bind as root" returns
> the user's "known good" password. This hasn't happened here.
>
>> The second phase (authenticate) by the end user does not succeed.
>
> The "bind as user" fails. Debug output shows this.
>
>> I am trying to understand why despite the binding happening by root, the
>> user cannot authenticate.
>
> Because the credentials are invalid.
> ...
>> rad_recv: Access-Request packet from host 172.16.16.55:34583, id=49,
>> length=60
>> User-Name = "laurence"
>> User-Password = "xxxx"
>
> It has a packet with a password.
>
>> NAS-IP-Address = 255.255.255.255
>
>
>
>> rlm_ldap: bind as cn=root,dc=istraresearch,dc=com/xxxx to 127.0.0.1:389
>> rlm_ldap: waiting for bind result ...
>> rlm_ldap: Bind was successful
>> rlm_ldap: performing search in ou=People,dc=istraresearch,dc=com, with
>> filter (&(objectClass=inetOrgPerson)(uid=laurence))
>> rlm_ldap: looking for check items in directory...
>> rlm_ldap: looking for reply items in directory...
>
> And nothing was returned. i.e. the user exists, but nothing more.
>
>> rlm_ldap: bind as cn=Laurence
>> Mayer,ou=people,dc=istraresearch,dc=com/xxxx to 127.0.0.1:389
>> rlm_ldap: waiting for bind result ...
>> rlm_ldap: Bind failed with invalid credentials
>
> That's pretty definitive. His credentials are invalid. The LDAP
> server says so.
>
> Alan DeKok.
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
--
--------------------------
Laurence Mayer
Director of Operations & IT
Istra Research Ltd.
Tel: +972545233107
Fax: +972722765124
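The sequence Alan DeKok reads out of the debug output above (service bind, search, check items, bind as user) can be pulled out of an rlm_ldap log mechanically. This is an added example, not part of the original thread or of FreeRADIUS. The names `events` and `diagnose` and the sample DNs are constructed, and it assumes that any rlm_ldap line between "looking for check items" and "looking for reply items" reports one mapped attribute.

```python
import re

# "bind as <DN>/<secret> to <host>:<port>": only the DN is captured, the secret is dropped.
BIND = re.compile(r"^bind as (.+)/\S* to \S+:\d+$")

def events(text):
    """Return rlm_ldap messages in order, re-joining 'bind as' lines wrapped by mail."""
    msgs = []
    for raw in text.splitlines():
        line = raw.lstrip("> ").strip()              # tolerate mail quoting
        if line.startswith("rlm_ldap:"):
            msgs.append(line[len("rlm_ldap:"):].strip())
        elif line and msgs and msgs[-1].startswith("bind as") and not BIND.match(msgs[-1]):
            msgs[-1] += " " + line                   # continuation of a wrapped DN
    return msgs

def diagnose(text):
    """Summarise the service bind, the check items found, and the bind as user."""
    binds, check_items, in_check = [], 0, False
    for m in events(text):
        b = BIND.match(m)
        if b:
            binds.append([b.group(1), None])
            in_check = False
        elif m.startswith("Bind was successful") and binds:
            binds[-1][1] = "ok"
        elif m.startswith("Bind failed with ") and binds:
            binds[-1][1] = m[len("Bind failed with "):]
        elif m.startswith("looking for "):
            in_check = m.startswith("looking for check items")
        elif in_check:
            check_items += 1                         # assumption: one mapped attribute
    user = binds[-1] if len(binds) > 1 else [None, None]
    return {"service_bind": binds[0][1] if binds else None,
            "check_items": check_items, "user_dn": user[0], "user_bind": user[1]}

# Constructed sample modelled on the quoted debug output (quoting and wrap included).
SAMPLE = """\
>> rlm_ldap: bind as cn=svc,dc=example,dc=com/xxxx to 127.0.0.1:389
>> rlm_ldap: waiting for bind result ...
>> rlm_ldap: Bind was successful
>> rlm_ldap: performing search in ou=People,dc=example,dc=com, with filter (uid=alice)
>> rlm_ldap: looking for check items in directory...
>> rlm_ldap: looking for reply items in directory...
>> rlm_ldap: bind as cn=Alice
>> Example,ou=people,dc=example,dc=com/xxxx to 127.0.0.1:389
>> rlm_ldap: Bind failed with invalid credentials
"""
print(diagnose(SAMPLE))
```

A result with `service_bind` "ok", `check_items` 0 and `user_bind` "invalid credentials" is the case discussed in this thread: the search found the entry but returned nothing to compare against, so the outcome rests entirely on the bind as user, which the LDAP server rejected.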