ldap double bind (rebind) problem
Alan DeKok
aland at deployingradius.com
Tue Jun 30 15:56:46 CEST 2009
Joerg Spatschil wrote:
> I run FreeRADIUS Version 2.0.5, for host i686-pc-linux-gnu, and am testing
> FreeRADIUS Version 2.1.3, both on Gentoo systems. I want to PEAP
> authenticate, authorize and set VLANs on a Cisco Cat 4500 according to an
> LDAP attribute.
...
> Adding the machine and user to users file
> DEFAULT Auth-Type := EAP, User-Password == ""
Don't do this.
(1) Setting Auth-Type is unnecessary and wrong. Delete it.
(2) Setting User-Password == "" is unnecessary and wrong. Delete it.
> user at domain Auth-Type := EAP, User-Password == ""
The same comments apply here.
> Major problem in the debug:
> new result: res_errno: 1, res_error: <000004DC: LdapErr: DSID-0C0906DD,
> comment: In order to perform this operation a successful bind must be
> completed on the connection., data 0, v1772>, res_matched: <>
> read1msg: ld 0x81c1068 0 new referrals
You will need to install version 2.1.6, and configure
"chase_referrals" and "rebind" in the ldap module. See
raddb/modules/ldap for more details.
Alan DeKok.