FR 3.0 with eDir

Arran Cudbard-Bell a.cudbardb at freeradius.org
Fri Dec 6 15:29:47 CET 2013 

On 6 Dec 2013, at 05:50, Hubert Kupper <kupper at uni-landau.de> wrote:

> Am 05.12.2013 12:46, schrieb Arran Cudbard-Bell:
>>>>> 
>>>> Yes, one of our testers reported the current code works fine against eDirectory.
>>>> 
>>>> I'll fix up the debug output so you get a more verbose error message at least.
>> Done. Let me know what error you get.
>> 
>> -Arran
> Hi Arran,
> 
> thanks for the fix. Now I get the following error:
> --------
> (3)   [preprocess] = ok
> (3)   [mschap] = noop
> (3) suffix : No '@' in User-Name = "foo", looking up realm NULL
> (3) suffix : Found realm "NULL"
> (3) suffix : Adding Stripped-User-Name = "foo"
> (3) suffix : Adding Realm = "NULL"
> (3) suffix : Authentication realm is LOCAL.
> (3)   [suffix] = ok
> (3) eap : EAP packet type response id 3 length 6
> (3) eap : No EAP Start, assuming it's an on-going EAP conversation
> (3)   [eap] = updated
> (3)   [files] = noop
> rlm_ldap (ldap): Reserved connection (4)
> (3) ldap :      expand: "(cn=%{%{Stripped-User-Name}:-%{User-Name}})" -> '(cn=foo)'
> (3) ldap :      expand: "o=testo" -> 'o=testo'
> (3) ldap : Performing search in 'o=testo' with filter '(cn=foo)'
> (3) ldap : Waiting for search result...
> (3) ldap : User object found at DN "cn=foo,ou=testou,o=testo"
> (3) ERROR: ldap : Failed to retrieve eDirectory password: Other (e.g., implementation specific) error
> rlm_ldap (ldap): Released connection (4)

I don't have access to an eDirectory implementation to debug.

Could you provide packet traces (in the clear)? Set the connection pool to 1, and run a couple of 
requests few to ensure it doesn't bind, and expose your admin credentials.

-Arran

Arran Cudbard-Bell <a.cudbardb at freeradius.org>
FreeRADIUS Development Team

FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 881 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20131206/bf2132e9/attachment.pgp>

More information about the Freeradius-Users mailing list