Issue with OpenLdap and FreeRadius
Sven Hartge
sven at svenhartge.de
Thu Aug 21 14:23:52 CEST 2014
On 18.08.2014 18:17, Andrew Niemantsverdriet wrote:
> I am using FreeRadius 2.1.12 from the CentOS repo and am trying to get
> it working with OpenLDAP 2.3.43 also from the CentOS repo. Everything is
> working great until I add an ACL to OpenLDAP that gives self write
> access to sambaNTpassword. When that line is added FreeRadius will stop
> authenticating clients.

Do you use an ACL like:

    access to attrs=sambaNTpassword
        by self =w

? If so, then you granted write access, but no read access. You need to use

    access to attrs=sambaNTpassword
        by self =rw

Note that there is a difference between writing

    access to attrs=sambaNTpassword
        by self write

and

    access to attrs=sambaNTpassword
        by self =w

The first one includes read access, the second one does not.

Use the slapacl utility to test your ACLs and see the difference.

Regards,
Sven.
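
The difference between an access level ("write") and an exact privilege set ("=w") described in the message above, as an added example that is not part of the original post and is not slapd code. It models the level-to-privilege table from slapd.access(5); the function names are hypothetical, and only the "self" and "*" who-fields are handled.

```python
# Added illustration: a small model of OpenLDAP <access> specs.
# Use slapacl against the real server for authoritative answers.

# Access levels are cumulative: each one includes every privilege below it.
LEVEL_PRIVS = {
    "none": "", "disclose": "d", "auth": "dx", "compare": "dxc",
    "search": "dxcs", "read": "dxcsr", "write": "dxcsrw", "manage": "dxcsrwm",
}
PRIV_LETTERS = set("dxcsrwm0")


def parse_access(spec, current=frozenset()):
    """Return the privilege set for a level name or a {=|+|-}letters spec."""
    if spec in LEVEL_PRIVS:
        return frozenset(LEVEL_PRIVS[spec])
    if len(spec) < 2 or spec[0] not in "=+-" or not set(spec[1:]) <= PRIV_LETTERS:
        raise ValueError(f"unsupported access spec: {spec!r}")
    op, letters = spec[0], set(spec[1:])
    letters.discard("0")               # "0" stands for no privileges
    if op == "=":
        return frozenset(letters)      # exactly these, nothing implied
    if op == "+":
        return frozenset(current | letters)
    return frozenset(current - letters)


def evaluate(by_clauses, requester_is_self):
    """First matching 'by' clause wins (assumption: only 'self' and '*').
    Every access directive ends with an implicit 'by * none'."""
    for who, spec in list(by_clauses) + [("*", "none")]:
        if who == "*" or (who == "self" and requester_is_self):
            return parse_access(spec)
    return frozenset()


def can_read(by_clauses, requester_is_self=True):
    """True if the requester ends up with the 'r' privilege."""
    return "r" in evaluate(by_clauses, requester_is_self)


if __name__ == "__main__":
    # The three forms from the message, applied to attrs=sambaNTpassword.
    for spec in ("write", "=w", "=rw"):
        acl = [("self", spec)]
        privs = "".join(sorted(evaluate(acl, True))) or "-"
        print(f"by self {spec:<5} privs={privs:<7} self can read: {can_read(acl)}")
```
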