Freeradius-Users Digest, Vol 119, Issue 126

Rui Ribeiro ruyrybeyro at gmail.com
Mon Mar 30 21:57:10 CEST 2015


Hi Adam,

Install again it in a testing machine, and/or diff against sources. Try to
document and understand what you have done, one of these days you will have
to debug it.
Become acquainted with raddebug and radmin.

Regards,
Rui Ribeiro


> Message: 6
> Date: Mon, 30 Mar 2015 15:33:07 -0400
> From: Adam Schappell <aschappell at clearedgeit.com>
> To: FreeRadius users mailing list
>         <freeradius-users at lists.freeradius.org>
> Subject: Re: Help PLease
> Message-ID:
>         <
> CAHoRX4+Uig8kcUsr_qFdKqnKRptnxEj_kDFFUXD_H7+ksjd6hg at mail.gmail.com>
> Content-Type: text/plain; charset=UTF-8
>
> Thanks for everyones help. I dont know what exactly I did but I got access
> accept..
>
> Found Auth-Type = LDAP
>
> # Executing group from file /etc/raddb/sites-enabled/default
>
> +- entering group LDAP {...}
>
> [ldap] login attempt by "radius" with password "test"
>
> [ldap] user DN:
> CN=rtest,OU=Users,OU=Jetestp,OU=ClearEdge,DC=corp,DC=test,DC=com
>
>   [ldap] (re)connect to dc1.corp.clearedgeit.com:389, authentication 1
>
>   [ldap] bind as
> CN=rtests,OU=Users,OU=test,OU=ClearEdge,DC=corp,DC=testeit,DC=com/test to
> dc1.corp.clearedgeit.com:389
>
>   [ldap] waiting for bind result ...
>
>   [ldap] Bind was successful
>
> [ldap] user radius authenticated succesfully
>
> ++[ldap] returns ok
>
> # Executing section post-auth from file /etc/raddb/sites-enabled/default
>
> +- entering group post-auth {...}
>
> ++[exec] returns noop
>
> Sending Access-Accept of id 135 to 127.0.0.1 port 48249
>
> Finished request 0.
>
> Going to the next request
>
> Waking up in 4.9 seconds.
>
> Cleaning up request 0 ID 135 with timestamp +8
>
> Ready to process requests.
>
> Adam Schappell
> System Administrator II
> Clearedge IT Solutions, LLC
> 10620 Guilford Road
> Jessup, MD 20794
> Office:443-212-4712
> Fax:443-212-4809
> www.ClearEdgeIT.com <http://www.clearedgeit.com/>
>
>
> On Mon, Mar 30, 2015 at 3:23 PM, <A.L.M.Buxey at lboro.ac.uk> wrote:
>
> > Hi,
> >
> > > I get its failing but I do not know what else to set it to, It is the
> >
> > read the error. deduce the issue
> >
> > > [ldap] expand:
> (&(SAMAccountName=%{%{Stripped-User-Name}:-%{User-Name}})
> > ->
> > > (&(SAMAccountName=radius)
> > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> >
> > thats wehat came out of the expansion of your current config
> >
> > >   [ldap] performing search in dc=corp,dc=clearedgeit,dc=com, with
> filter
> > > (&(SAMAccountName=radius)
> > >
> > >   [ldap] ldap_search() failed: Bad search filter:
> > (&(SAMAccountName=radius)
> >
> > and thats the result
> >
> > > [ldap] search failed
> >
> > which means that happens
> >
> >
> > the binding and the searching are 2 different things.  you had 'working'
> > but
> > failing search with uid - you've now just got a broken search
> >
> > I'd just hazard a guess that you should be using eg
> > (&(sAMAccountName=%{Stripped-User-Name:-%{User-Name})
> >
> > note how upper and lower case have been chosen.
> >
> > alan
> > -
> > List info/subscribe/unsubscribe? See
> > http://www.freeradius.org/list/users.html
> >
>
>
>
-- 
Regards,

--
Rui Ribeiro
Senior Sysadm
ISCTE-IUL
https://www.linkedin.com/pub/rui-ribeiro/16/ab8/434


More information about the Freeradius-Users mailing list