Yet Another PEAP-MSCHAPV2 problem

Matthew Newton mcn4 at leicester.ac.uk
Mon Sep 21 22:51:24 CEST 2015


On Mon, Sep 21, 2015 at 03:34:19PM -0500, Alex Moen wrote:
> >When you bind as the same account FR binds as and do a search as
> >below, does it find anything?
> >
> >>(19) ldap: Performing search in "o=ndtc" with filter "(uid=debio)", scope "sub"
> 
> [root at ndtc-fs]# ldapsearch -x -H ldap://66.163.129.140 -D
> 'cn=admin,o=ndtc' -W -b 'uid=debio at ndtel.com,ou=ndtel,o=ndtc' -s sub

How about the same search base/filter that FreeRADIUS is doing?

$ ldapsearch -x -H ldap://66.163.129.140 -D 'cn=admin,o=ndtc' -W -b 'o=ndtc' -s sub '(uid=debio)'

> # extended LDIF
...
> # debio at ndtel.com, ndtel, ndtc
> dn: uid=debio at ndtel.com,ou=ndtel,o=ndtc
> uid: debio at ndtel.com

This isn't 'debio' - and I'm pretty sure that LDAP won't match
just part of a field? AD here certainly doesn't seem to.

What does the other record look like?

Matthew


-- 
Matthew Newton, Ph.D. <mcn4 at le.ac.uk>

Systems Specialist, Infrastructure Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom

For IT help contact helpdesk extn. 2253, <ithelp at le.ac.uk>
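The matching behaviour in question above, as an added example that is not part of the original message or of FreeRADIUS: a small evaluator for simple `(attr=value)` filters, run over constructed entries, showing that an equality assertion compares the whole stored value and only an explicit `*` asks for a partial match. It assumes the archive's " at " stands for "@", handles no escaped characters or compound filters, and the second entry is hypothetical.

```python
import re

# Constructed sample entries. The first mirrors the DN quoted in the thread;
# the second is hypothetical and exists only to show a successful match.
ENTRIES = [
    {"dn": "uid=debio@ndtel.com,ou=ndtel,o=ndtc", "uid": ["debio@ndtel.com"]},
    {"dn": "uid=debio,ou=example,o=ndtc", "uid": ["debio"]},
]

# Simple filters only: (attr=value), no nesting, no \xx escapes (simplification).
SIMPLE_FILTER = re.compile(r"^\((?P<attr>[A-Za-z][A-Za-z0-9-]*)=(?P<value>[^()]*)\)$")


def value_matches(assertion, stored):
    """Apply an equality, presence or substring assertion to one stored value."""
    a, s = assertion.lower(), stored.lower()  # uid compares case-insensitively
    if a == "*":
        return True                 # presence: attribute has any value
    if "*" not in a:
        return a == s               # equality: the whole value must match
    parts = a.split("*")            # substring: initial*any*...*final
    initial, final = parts[0], parts[-1]
    if not s.startswith(initial):
        return False
    pos, end = len(initial), len(s) - len(final)
    if final and (not s.endswith(final) or end < pos):
        return False
    for chunk in parts[1:-1]:       # middle pieces must appear in order
        if not chunk:
            continue
        idx = s.find(chunk, pos, end)
        if idx < 0:
            return False
        pos = idx + len(chunk)
    return True


def search(filter_text, entries=ENTRIES):
    """Return the DNs of entries matched by a simple filter."""
    m = SIMPLE_FILTER.match(filter_text)
    if not m:
        raise ValueError("only simple (attr=value) filters are handled here")
    attr, assertion = m.group("attr").lower(), m.group("value")
    return [e["dn"] for e in entries
            if any(value_matches(assertion, v) for v in e.get(attr, []))]


if __name__ == "__main__":
    for f in ("(uid=debio)", "(uid=debio*)", "(uid=debio@ndtel.com)"):
        print(f, "->", search(f))
```

The substring form `(uid=debio*)` returns both entries, so it no longer identifies a single user.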

