When to ldap?

Alan DeKok aland at deployingradius.com
Thu May 13 11:15:08 CEST 2010 

Dean, Barry wrote:
...
>   [ldap] performing search in OU=UOL,DC=adserer,DC=liv,DC=ac,DC=uk, with filter (sAMAccountName=user)
> [ldap] looking for check items in directory...
> [ldap] looking for reply items in directory...
> WARNING: No "known good" password was found in LDAP.  Are you sure that the user is configured correctly?

  I mean, really... what's the issue?

...
> [pap] WARNING! No "known good" password found for the user.  Authentication may fail because of this.

  That should be a hint.

  Paste the debugging output into the form at:


> ++[pap] returns noop
> No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
> Failed to authenticate the user.
> Login incorrect: [user] (from client EZProxy port 0)
> } # server radius
> Using Post-Auth-Type Reject
> +- entering group REJECT {...}
> [attr_filter.access_reject]     expand: %{User-Name} -> user
>  attr_filter: Matched entry DEFAULT at line 11
> ++[attr_filter.access_reject] returns updated
> Delaying reject of request 0 for 1 seconds
> Going to the next request
> Waking up in 0.9 seconds.
> rad_recv: Access-Request packet from host 192.168.0.10 port 63775, id=111, length=49
> Waiting to send Access-Reject to client EZProxy port 63775 - ID: 111
> Sending delayed reject for request 0
> Sending Access-Reject of id 111 to 192.168.0.10 port 63775
> Waking up in 4.9 seconds.
> Cleaning up request 0 ID 111 with timestamp +32
> 
>>> I presume:
>>>
>>>               if (!EAP-Message) {
>>>                        ldap
>>>                }
>>>
>>> Fails to set Auth-Type LDAP?
>>  Yes.  It *shouldn't*, either.  That was a mistake from 1.x.
> 
> 	I have seen the dire warnings about "Don't set Auth-Type = LDAP" so I have not ventured there as I am sure there are dragons.
> 
> ----------------------
> Barry Dean
> Principal Programmer/Analyst
> Networks Group
> Computing Services Department
> Tel: 0151 795 9540
> 
> 
> 
> ------------------------------------------------------------------------
> 
> 
> ------------------------------------------------------------------------
> 
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

More information about the Freeradius-Users mailing list