Issue with OpenLdap and FreeRadius
Andrew Niemantsverdriet
andrew at rocky.edu
Wed Aug 20 19:42:55 CEST 2014
I guess where I am confused is that it works when I don't have write access
to sambantpassword in OpenLDAP but fails as soon as I grant that in an ACL.
On Wed, Aug 20, 2014 at 9:10 AM, Alan DeKok <aland at deployingradius.com>
wrote:
> Andrew Niemantsverdriet wrote:
> > Anybody have any ideas on this? I'm stuck.
>
> Read the debug output. It's simple.
>
> [ldap] looking for check items in directory...
> [ldap] looking for reply items in directory...
> WARNING: No "known good" password was found in LDAP. Are you sure that
> the user is configured correctly?
>
> So... that's the problem.
>
> Don't blame FreeRADIUS if OpenLDAP isn't returning a password for the
> user.
>
> And when it works:
>
> ldap] expand: dc=localdomain -> dc=localdomain
> [ldap] ldap_get_conn: Checking Id: 0
> [ldap] ldap_get_conn: Got Id: 0
> [ldap] performing search in dc=localdomain, with filter
> (uid=stewart.shoe)
> [ldap] checking if remote access for stewart.shoe is allowed by uid
> [ldap] looking for check items in directory...
> [ldap] sambantpassword -> NT-Password ==
> 0x4434324535354546393031414334453743383444463546434432304135324235
> [ldap] looking for reply items in directory...
>
> See? Pretty simple.
>
> Alan DeKok.
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
--
_
/-\ ndrew Niemantsverdriet
Linux System Administrator
Academic Computing
(406) 238-7360
Rocky Mountain College
1511 Poly Dr.
Billings MT, 59102
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20140820/a9f27b24/attachment.html>
More information about the Freeradius-Users
mailing list