Problems freeradius and samba4
ricardobarbosams
spiderslack at yahoo.com.br
Sun Jun 23 00:12:13 CEST 2013
Hi Ortega,
With user administrator it did not work. Look at the log file:
[ldap] performing user authorization for test
[ldap] expand: (&(objectClass=user)(sAMAccountName=%{User-Name})) -> (&(objectClass=user)(sAMAccountName=test))
[ldap] expand: dc=batlab,dc=corp -> dc=batlab,dc=corp
[ldap] ldap_get_conn: Checking Id: 0
[ldap] ldap_get_conn: Got Id: 0
[ldap] attempting LDAP reconnection
[ldap] closing existing LDAP connection
[ldap] (re)connect to 192.168.0.4:389, authentication 0
[ldap] bind as /XXXXX to 192.168.0.4:389
[ldap] waiting for bind result ...
[ldap] Bind was successful
[ldap] performing search in dc=batlab,dc=corp, with filter (&(objectClass=user)(sAMAccountName=test))
[ldap] ldap_search() failed: Operations error
[ldap] search failed
[ldap] ldap_release_conn: Release Id: 0
++[ldap] returns fail
Any idea?
On 06/14/13 03:40, Roberto Ortega Ramiro wrote:
> Hi, I'm a beginner here, but the user freeradius in your LDAP must be
> able to read users' passwords.
>
> Try with administrator in /etc/raddb/modules/ldap and if it works, the
> user freeradius won't have rights for this.
>
> Bye
>
> On Friday, June 14, 2013, ricardobarbosams wrote:
>
> Hi.
>
> Executing ldapsearch with user freeradius
>
> root@maxwell:~# ldapsearch -LLL -x -h 192.168.0.4 -b
> "dc=batlab,dc=corp" -D
> "CN=freeradius,OU=noc,OU=batlab,DC=batlab,DC=corp" -W
> "(sAMAccountName=administrator)" cn
> Enter LDAP Password:
> dn: CN=Administrator,CN=Users,DC=batlab,DC=corp
> cn: Administrator
>
>
> It works.
>
> Regards.
>
> On 06/13/13 03:37, Iliya Peregoudov wrote:
>
> On 12.06.2013 4:19, ricardobarbosams wrote:
>
>
> No, my filter is
>
> filter = "(&(objectClass=user)(sAMAccountName=%{User-Name}))"
>
>
> I am not talking about the filter, I am talking about binding to the
> directory. Your ldapsearch binds to the directory using one
> user and your radiusd binds to the directory as another user.
> These users can have different authorization levels in the
> directory server. The directory may allow the
> user2@batlab.corp user to retrieve objects but disallow it for the
> CN=freeradius,OU=noc,OU=batlab,DC=batlab,DC=corp user.
>
> Configure radiusd to use the user2@batlab.corp user to bind to
> the directory and you'll get the same results as with ldapsearch.
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
>
>
>
> --
> Regards.
> ____________________
>
> Roberto Ortega
> Computer Science Teacher.
> http://www.proyectoret.es
>
> Escuelas San José Valencia
> Avd.Cortes Valencianas nº1
> 46015 Valencia
> R4600489A
> Tel:963499011 ext. 262
> Fax:963488835
> http://www.escuelassj.com
>
> Do not print this email unless necessary. Let's protect the environment.
>
>
>
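
The comparison Iliya suggests in the thread above (which identity radiusd binds with versus which one ldapsearch binds with), as an added example that is not part of the original messages. It assumes the radiusd debug line has the form "bind as <identity>/<password> to <host>:<port>"; the function names are hypothetical, and the log lines and command are the ones posted in the thread.

```python
import re
import shlex

# Copied from the thread above (wrapped lines rejoined); nothing here is new data.
RADIUSD_LOG = """\
[ldap] bind as /XXXXX to 192.168.0.4:389
[ldap] Bind was successful
[ldap] performing search in dc=batlab,dc=corp, with filter (&(objectClass=user)(sAMAccountName=test))
[ldap] ldap_search() failed: Operations error
"""
LDAPSEARCH_CMD = ('ldapsearch -LLL -x -h 192.168.0.4 -b "dc=batlab,dc=corp" '
                  '-D "CN=freeradius,OU=noc,OU=batlab,DC=batlab,DC=corp" -W '
                  '"(sAMAccountName=administrator)" cn')

# Assumption: the debug line reads "bind as <identity>/<password> to <host>:<port>".
BIND_RE = re.compile(r"bind as (?P<identity>.*)/[^/]* to (?P<host>[^:\s]+):\d+")
SEARCH_RE = re.compile(r"performing search in (?P<base>.+?), with filter")


def radiusd_bind(log):
    """Return the bind identity, host, search base and search error seen in the log."""
    info = {"identity": None, "host": None, "base": None, "search_error": None}
    for line in log.splitlines():
        if m := BIND_RE.search(line):
            info.update(identity=m["identity"], host=m["host"])
        elif m := SEARCH_RE.search(line):
            info["base"] = m["base"]
        elif "ldap_search() failed:" in line:
            info["search_error"] = line.split("failed:", 1)[1].strip()
    return info


def ldapsearch_bind(cmd):
    """Pull host (-h), base (-b) and bind DN (-D) out of an ldapsearch command line."""
    argv, flags = shlex.split(cmd), {"-h": "host", "-b": "base", "-D": "identity"}
    out = {"identity": "", "host": None, "base": None}
    for flag, value in zip(argv, argv[1:]):
        if flag in flags:
            out[flags[flag]] = value
    return out


def compare(log, cmd):
    """List where radiusd and ldapsearch differ; an empty list means they bind alike."""
    r, s = radiusd_bind(log), ldapsearch_bind(cmd)
    return [f"{k}: radiusd={r[k]!r} ldapsearch={s[k]!r}"
            for k in ("host", "base", "identity")
            if (r[k] or "").lower() != (s[k] or "").lower()]


if __name__ == "__main__":
    print(radiusd_bind(RADIUSD_LOG)["search_error"], compare(RADIUSD_LOG, LDAPSEARCH_CMD))
```

On the lines posted in this thread the host and search base match, and the only difference reported is the identity: the radiusd log shows an empty one, while ldapsearch used the freeradius DN.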