Problems freeradius and samba4

ricardobarbosams spiderslack at
Mon Jun 10 21:29:51 CEST 2013

Hi all.

I trying deploy the environment beetween freeradius and samba4 for 
wireless network. The topology follow bellow.

access point <----> freeradius server <-----> server samba4

I setting the access point for authenticate in freeradius server and 
freeradius using ldap e authenticate in samba4, but not work

follow bellow log server freeradius:

[suffix] No '@' in User-Name = "user", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[unix] returns notfound
++[files] returns noop
[ldap] performing user authorization for user
[ldap]  expand: (&(objectClass=user)(sAMAccountName=%{User-Name})) -> 
[ldap]  expand: dc=batlab,dc=corp -> dc=batlab,dc=corp
   [ldap] ldap_get_conn: Checking Id: 0
   [ldap] ldap_get_conn: Got Id: 0
   [ldap] attempting LDAP reconnection
   [ldap] closing existing LDAP connection
   [ldap] (re)connect to, authentication 0
   [ldap] bind as CN=freeradius,OU=noc,OU=batlab,DC=batlab,DC=corp/xxxx 
   [ldap] waiting for bind result ...
   [ldap] Bind was successful
   [ldap] performing search in dc=batlab,dc=corp, with filter 
   [ldap] ldap_search() failed: Operations error
[ldap] search failed
   [ldap] ldap_release_conn: Release Id: 0
++[ldap] returns fail
Invalid user: [user/<no User-Password attribute>] (from client port 0 cli 001f3a528f60)
Using Post-Auth-Type Reject
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group REJECT {...}
[attr_filter.access_reject]     expand: %{User-Name} -> user
  attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated

I note this ldapsearch executed successfull

# ldapsearch -LLL -h -b dc=batlab,dc=corp -D 
user2 at batlab.corp -W '(&(objectClass=user)(sAMAccountName=user))'
dn: CN=user test,OU=noc,OU=batlab,DC=batlab,DC=corp
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: user test
instanceType: 4
whenCreated: 20130404161519.0Z
displayName: user test
uSNCreated: 3728
name: user test
objectGUID:: x9uu1FOl70u8ovEwuZ72Rw==
badPwdCount: 0
codePage: 0
countryCode: 0
badPasswordTime: 0
lastLogoff: 0
lastLogon: 0
primaryGroupID: 513
accountExpires: 9223372036854775807
logonCount: 0
sAMAccountName: user
sAMAccountType: 805306368
userPrincipalName: user at batlab.corp
objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=batlab,DC=corp
pwdLastSet: 130095657200000000
userAccountControl: 66048
memberOf: CN=Administrators,CN=Builtin,DC=batlab,DC=corp
memberOf: CN=Domain Admins,CN=Users,DC=batlab,DC=corp
memberOf: CN=Enterprise Admins,CN=Users,DC=batlab,DC=corp
memberOf: CN=g_noc,OU=noc,OU=batlab,DC=batlab,DC=corp
mail: user at
whenChanged: 20130427195156.0Z
uSNChanged: 4204
distinguishedName: CN=user test,OU=noc,OU=batlab,DC=batlab,DC=corp

I noticed that the ldap Samba4 does not possess the attribute 
user-password, is this the cause?

My settings:

Ubuntu Linux 12.04.2
Access Point: Linksys Cisco wrtp54g

Any ideas.


More information about the Freeradius-Users mailing list