ldap double bind (rebind) problem

Alan DeKok aland at deployingradius.com
Tue Jun 30 15:56:46 CEST 2009

Joerg Spatschil wrote:
> I run FreeRADIUS Version 2.0.5, for host i686-pc-linux-gnu and testing
> FreeRADIUS Version 2.1.3 both on gentoo systems, I want to peap
> authenticate, authorize and set VLANs on a Cisco Cat 4500 according to a
> ldap Attribute.
> Adding the machine and user to users file
> DEFAULT Auth-Type := EAP, User-Password == ""

  Don't do this.

  (1) Setting Auth-Type is unnecessary and wrong.  Delete it.

  (2) Setting User-Password == "" is unnecessary and wrong. Delete it.

> user at domain    Auth-Type := EAP, User-Password == ""

  The same comments apply here.

> Major problem in the debug:
> new result:  res_errno: 1, res_error: <000004DC: LdapErr: DSID-0C0906DD,
> comment: In order to perform this operation a successful bind must be
> completed on the connection., data 0, v1772>, res_matched: <>
> read1msg: ld 0x81c1068 0 new referrals

  You will need to install version 2.1.6, and configure
"chase_referrals" and "rebind" in the ldap module.  See
raddb/modules/ldap for more details.

  Alan DeKok.

More information about the Freeradius-Users mailing list