Authenticate to LDAP with GSSAPI
Isaac Boukris
iboukris at gmail.com
Wed Jun 17 20:17:20 CEST 2015
Hi,
On Wed, Jun 17, 2015 at 2:51 AM, Alan DeKok <aland at deployingradius.com> wrote:
> On Jun 16, 2015, at 7:02 PM, Isaac Boukris <iboukris at gmail.com> wrote:
>> I can confirm the crashes are gone and it works well.
>> I still have the linkage run time issue unless I add 'sasl.c' to
>> 'rlm_ldap/all.mk.in' with v3.0 (no build-tools expert).
>
> I've pushed a fix.
Thanks Alan!
I've made some progress with my 'LDAP not responding problem'.
If I set "SASL_SECPROPS maxssf=0" in my 'ldap.conf' file then both
'ldapsearch' and 'radiusd' won't encrypt the search request and -
most importantly - the LDAP server answers to both of them!
So I guess we can call that 'working' for now as the admin
authentication use kerberos.
I'll try however to investigate further why 'radiusd' won't encrypt
like 'ldapsearch' does when I don't limit 'ssf'.
Also interesting to understand how this is negotiated at sasl level
(as I'm convinced now).
Regards,
Isaac B.
More information about the Freeradius-Users
mailing list