Authentication us mySQL and AD(LDAP)

[chenjiang]

   Hi! Alan

   Thanks for the information.

   I still have one more question for the authentication logic, if the
   backend LDAP authentication fail but SQL authentication OK (the
   scanario is for WIFI access, internal employees account stored in LDAP
   and visitor account stored in mySQL), will FreeRADIUS returns
   âAuth-Acceptâ or âAuth-Rejectâ?
   BR!
   Chen Jiang
   Microshield Technology Co., Ltd
   å京å¸æµ·æ·åºè¥¿ä¸ç¯åè·¯50å·è±ªæ大å¦C2座18-19å± 100048
   (86)10-88518768
   (86)18612696123
   [1]chenjiang at microshield.com.cn
    åå§é®ä»¶
   å件人: Alan DeKok<aland at deployingradius.com>
   æ¶ä»¶äºº: FreeRadius users mailing
   list<freeradius-users at lists.freeradius.org>
   åéæ¶é´: 2015å¹´5æ26æ¥(å¨äº)â20:24
   主é¢: Re: Authentication us mySQL and AD(LDAP)
On May 25, 2015, at 10:06 PM, chenjiang <[2]chenjiang at microshield.com.cn> wrote:
>   Sorry for disturbing, I am struggleing with FreeRADIUS user
>   authentication through Windows AD(LDAP), but I found when enable LDAP
>   mySQL backend is not works any more.

  That shouldn't happen.  Odds are something else is going wrong.

>   From debug output(radius -X), we found even mySQL module returns
>   OK,FreeRADIUS still returns Accept-Reject when LDAP module returns
>   fail.

  Well, if the LDAP module fails, that's a problem.

>     [ldap] ldap_search() failed: Operations error

  Read raddb/modules/ldap.  Look for "operations error".  If it doesn't appear t
here, upgrade to 2.2.8.  This issue is fixed, and documented.

  And yes, you can use LDAP and MySQL at the same time.  There's no magic.  You
just use both, and both work.

  Alan DeKok.


-
List info/subscribe/unsubscribe? See [3]http://www.freeradius.org/list/users.htm
l

References

   1. mailto:chenjiang at microshield.com.cn
   2. mailto:chenjiang at microshield.com.cn
   3. http://www.freeradius.org/list/users.html