Ldap Authentication question

Alan DeKok aland at deployingradius.com
Thu Mar 31 13:50:13 CEST 2011


Ramon Escriba wrote:
> Alan, please do not get angry ok?,
> The line in my answer about the "sarcastical reply" was for Alexander, not
> for you.

  His answer is largely what mine would have been.

> Here're the logs:
> 
> First authentication
...
> rad_recv: Access-Request packet from host 10.0.0.1port 32770, id=29,
> length=95
>         User-Name = "0019B976CC36"
>         User-Password = "0019B976CC36"
...
> ----------------SECOND AUTHENTICATION ------------------
...
> rad_recv: Access-Request packet from host 10.0.0.1port 32770, id=30,
> length=95
>         User-Name = "0026B9692F6F"
>         User-Password = "0026B9692F6F"

  The requests are different.  That's why they're being treated differently.

> [files]         expand:
> %{STAFF2:ldap:///ou=Staff2,ou=VLANS,ou=Radius,dc=machine,dc=com?uid?one?uid=
> %i} ->

  That would seem to be useful to look at.

  Compare that to the similar line from the previous authentication.

  i.e. the debug output looks scary, but it's not.  Treat it as a
sequence of nonsense lines.  Compare the two results line by line.  The
differences are why one succeeds, and the other fails.

  Alan DeKok.
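
Added example, not part of the original message or of FreeRADIUS: one way to do the line-by-line comparison suggested above, in Python. The debug text is constructed in the style of `radiusd -X` output (it is not the poster's log), and the function names are hypothetical.

```python
import difflib
import re

# Constructed debug text in the style of `radiusd -X`; not the poster's logs.
SAMPLE = '''\
rad_recv: Access-Request packet from host 192.0.2.1 port 32770, id=29, length=95
        User-Name = "AABBCCDDEE01"
        User-Password = "AABBCCDDEE01"
[files]         expand: %{ldap:ldap:///ou=Example,dc=example,dc=com?uid?one?uid=%{User-Name}} -> AABBCCDDEE01
[files] users: Matched entry DEFAULT at line 10
++[files] returns ok
rad_recv: Access-Request packet from host 192.0.2.1 port 32770, id=30, length=95
        User-Name = "AABBCCDDEE02"
        User-Password = "AABBCCDDEE02"
[files]         expand: %{ldap:ldap:///ou=Example,dc=example,dc=com?uid?one?uid=%{User-Name}} ->
++[files] returns noop
'''

def split_requests(debug_text):
    """Split debug output into one list of lines per received packet."""
    blocks = []
    for line in debug_text.splitlines():
        if line.startswith("rad_recv:"):
            blocks.append([])
        if blocks:
            blocks[-1].append(line)
    return blocks

def normalize(block):
    """Mask values that always differ between requests (user name, packet id)."""
    m = re.search(r'User-Name = "([^"]*)"', "\n".join(block))
    user = m.group(1) if m else None
    out = []
    for line in block:
        line = re.sub(r"\bid=\d+", "id=<ID>", line)
        if user:
            line = line.replace(user, "<USER>")
        out.append(" ".join(line.split()))  # collapse indentation differences
    return out

def differences(block_a, block_b):
    """Return only the lines that differ after normalization."""
    diff = difflib.ndiff(normalize(block_a), normalize(block_b))
    return [d for d in diff if d.startswith(("- ", "+ "))]

if __name__ == "__main__":
    first, second = split_requests(SAMPLE)
    print("\n".join(differences(first, second)))
```

Masking the user name and packet id removes the differences that are expected between any two requests, so what remains is where the two authentications actually diverge.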


