Freeipa and Freeradius integration

KL Forwarder kl.forwarder at
Tue Apr 28 17:38:18 CEST 2015

Arran, you made my day.

It is working now.

Your hint about the two results (off list) helped a lot. I tried a
more specific ldapsearch, for the object which had the password
element, I then changed the base_dn in mods-enabled/ldap to
"cn=users,cn=accounts,dc=companyname,dc=local" instead of
"dc=companyname,dc=local". I now get an "Access-Accept"!

Thanks a lot for your help, it is not often someone takes this amount
of time to investigate these kind of specific problems. I will post a
guide later.

Thanks again,

On Tue, Apr 28, 2015 at 5:03 PM, Arran Cudbard-Bell
<a.cudbardb at> wrote:
>> On 28 Apr 2015, at 15:48, KL Forwarder <kl.forwarder at> wrote:
>> Here are The Files :)
> Ok, yeah it's definitely sending back two results, i'll think about it on the flight... It would be helpful if you could investigate on your side or contact redhat to find out why it might be returning two results.
> We could add logic that skips objects which have zero attributes.
> -Arran
> Arran Cudbard-Bell <a.cudbardb at>
> FreeRADIUS development team
> FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2

More information about the Freeradius-Users mailing list