hello
Roberto Rios
rrios at chattanooga.gov
Mon Aug 15 17:01:12 CEST 2016
Hi. I have a fresh install of FreeRADIUS on CentOS 7. I have been trying to
connect via LDAP to Active Directory for a few days now, but I still get
this error:
.
.
.
.
# Instantiating module "ldap" from file /etc/raddb/mods-enabled/ldap
Mon Aug 15 10:54:30 2016 : Debug: ldap {
Mon Aug 15 10:54:30 2016 : Debug: server = "xx.xx.xx."
Mon Aug 15 10:54:30 2016 : Debug: port = 389
Mon Aug 15 10:54:30 2016 : Debug: password = "xxxxxx2016"
Mon Aug 15 10:54:30 2016 : Debug: identity = "cn=xxxxx,dc=xxxxx,dc=xxx"
Mon Aug 15 10:54:30 2016 : Debug: user {
Mon Aug 15 10:54:30 2016 : Debug: filter =
"(uid=%{%{Stripped-User-Name}:-%{User-Name}})"
Mon Aug 15 10:54:30 2016 : Debug: scope = "sub"
Mon Aug 15 10:54:30 2016 : Debug: base_dn = "xxxxxx,dc=xxx"
Mon Aug 15 10:54:30 2016 : Debug: access_positive = yes
Mon Aug 15 10:54:30 2016 : Debug: }
Mon Aug 15 10:54:30 2016 : Debug: group {
Mon Aug 15 10:54:30 2016 : Debug: filter = "(objectClass=posixGroup)"
Mon Aug 15 10:54:30 2016 : Debug: scope = "sub"
Mon Aug 15 10:54:30 2016 : Debug: base_dn = "dc=xxxxx,dc=xxx"
Mon Aug 15 10:54:30 2016 : Debug: name_attribute = "cn"
Mon Aug 15 10:54:30 2016 : Debug: membership_attribute = "memberOf"
Mon Aug 15 10:54:30 2016 : Debug: cacheable_name = no
Mon Aug 15 10:54:30 2016 : Debug: cacheable_dn = no
Mon Aug 15 10:54:30 2016 : Debug: }
Mon Aug 15 10:54:30 2016 : Debug: client {
Mon Aug 15 10:54:30 2016 : Debug: filter = "(objectClass=frClient)"
Mon Aug 15 10:54:30 2016 : Debug: scope = "sub"
Mon Aug 15 10:54:30 2016 : Debug: base_dn = "dc=xxxxxx,dc=xxx"
Mon Aug 15 10:54:30 2016 : Debug: attribute {
Mon Aug 15 10:54:30 2016 : Debug: identifier = "radiusClientIdentifier"
Mon Aug 15 10:54:30 2016 : Debug: shortname = "cn"
Mon Aug 15 10:54:30 2016 : Debug: secret = "radiusClientSecret"
Mon Aug 15 10:54:30 2016 : Debug: }
Mon Aug 15 10:54:30 2016 : Debug: }
Mon Aug 15 10:54:30 2016 : Debug: profile {
Mon Aug 15 10:54:30 2016 : Debug: filter = "(&)"
Mon Aug 15 10:54:30 2016 : Debug: }
Mon Aug 15 10:54:30 2016 : Debug: options {
Mon Aug 15 10:54:30 2016 : Debug: ldap_debug = 40
Mon Aug 15 10:54:30 2016 : Debug: chase_referrals = yes
Mon Aug 15 10:54:30 2016 : Debug: rebind = yes
Mon Aug 15 10:54:30 2016 : Debug: net_timeout = 1
Mon Aug 15 10:54:30 2016 : Debug: res_timeout = 20
Mon Aug 15 10:54:30 2016 : Debug: srv_timelimit = 20
Mon Aug 15 10:54:30 2016 : Debug: idle = 60
Mon Aug 15 10:54:30 2016 : Debug: probes = 3
Mon Aug 15 10:54:30 2016 : Debug: interval = 3
Mon Aug 15 10:54:30 2016 : Debug: }
Mon Aug 15 10:54:30 2016 : Debug: tls {
Mon Aug 15 10:54:30 2016 : Debug: start_tls = no
Mon Aug 15 10:54:30 2016 : Debug: }
Mon Aug 15 10:54:30 2016 : Debug: }
Mon Aug 15 10:54:30 2016 : Warning: rlm_ldap: Falling back to build time
libldap version info. Query for LDAP_OPT_API_INFO returned: -1
Mon Aug 15 10:54:30 2016 : Info: rlm_ldap: libldap vendor: OpenLDAP
version: 20439
Mon Aug 15 10:54:30 2016 : Debug: accounting {
Mon Aug 15 10:54:30 2016 : Debug: reference =
"%{tolower:type.%{Acct-Status-Type}}"
Mon Aug 15 10:54:30 2016 : Debug: }
Mon Aug 15 10:54:30 2016 : Debug: post-auth {
Mon Aug 15 10:54:30 2016 : Debug: reference = "."
Mon Aug 15 10:54:30 2016 : Debug: }
Mon Aug 15 10:54:30 2016 : Debug: rlm_ldap (ldap): Using local pool section
Mon Aug 15 10:54:30 2016 : Debug: rlm_ldap (ldap): No pool reference found
in "ldap.pool"
Mon Aug 15 10:54:30 2016 : Debug: rlm_ldap (ldap): Initialising connection
pool
Mon Aug 15 10:54:30 2016 : Debug: pool {
Mon Aug 15 10:54:30 2016 : Debug: start = 5
Mon Aug 15 10:54:30 2016 : Debug: min = 4
Mon Aug 15 10:54:30 2016 : Debug: max = 32
Mon Aug 15 10:54:30 2016 : Debug: spare = 3
Mon Aug 15 10:54:30 2016 : Debug: uses = 0
Mon Aug 15 10:54:30 2016 : Debug: lifetime = 0
Mon Aug 15 10:54:30 2016 : Debug: cleanup_interval = 30
Mon Aug 15 10:54:30 2016 : Debug: idle_timeout = 60
Mon Aug 15 10:54:30 2016 : Debug: retry_delay = 1
Mon Aug 15 10:54:30 2016 : Debug: spread = no
Mon Aug 15 10:54:30 2016 : Debug: }
Mon Aug 15 10:54:30 2016 : Info: rlm_ldap (ldap): Opening additional
connection (0)
Mon Aug 15 10:54:30 2016 : Debug: rlm_ldap (ldap): Connecting to
xx.x.xx.x:389
Mon Aug 15 10:54:30 2016 : Debug: rlm_ldap: New libldap handle
0x7f4a86f06d20
Mon Aug 15 10:54:30 2016 : Debug: rlm_ldap (ldap): Waiting for bind
result...
Mon Aug 15 10:54:30 2016 : Error: rlm_ldap (ldap): Bind credentials
incorrect: Invalid credentials
Mon Aug 15 10:54:30 2016 : Error: rlm_ldap (ldap): Server said: 80090308:
LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e,
v1db1.
Mon Aug 15 10:54:30 2016 : Debug: rlm_ldap: Closing libldap handle
0x7f4a86f06d20
Mon Aug 15 10:54:30 2016 : Error: rlm_ldap (ldap): Opening connection
failed (0)
Mon Aug 15 10:54:30 2016 : Debug: rlm_ldap (ldap): Removing connection pool
Mon Aug 15 10:54:30 2016 : Error: /etc/raddb/mods-enabled/ldap[8]:
Instantiation failed for module "ldap"
What I found on Google is that it might be a bad password (52e), but the
password is correct and the account is active.
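
Added example, not part of the original post and not FreeRADIUS code: a small triage script that rejoins the mail-wrapped debug records above, pulls out the bind settings, and decodes the hex "data" sub-code that Active Directory returns on a failed bind. The names `unwrap`, `triage` and `AD_BIND_DATA` are illustrative, and the sample is an excerpt of the log in the post with its redactions kept.

```python
import re

AD_BIND_DATA = {  # Win32 error code that AD reports, in hex, in the "data" field
    0x525: "ERROR_NO_SUCH_USER",
    0x52E: "ERROR_LOGON_FAILURE (user name or password is incorrect)",
    0x532: "ERROR_PASSWORD_EXPIRED",
    0x533: "ERROR_ACCOUNT_DISABLED",
    0x701: "ERROR_ACCOUNT_EXPIRED",
    0x773: "ERROR_PASSWORD_MUST_CHANGE",
    0x775: "ERROR_ACCOUNT_LOCKED_OUT",
}
STAMP = re.compile(r"^\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4} : (\w+): ?(.*)$")
SETTING = re.compile(r'(identity|port|start_tls)\s*=\s*"?([^"]*)"?$')
LDAPERR = re.compile(r"LdapErr: (DSID-[0-9A-Fa-f]+),.*?data ([0-9A-Fa-f]+)")

# Excerpt of the log in the post, with the poster's redactions and mail wrapping.
SAMPLE = """\
Mon Aug 15 10:54:30 2016 : Debug: port = 389
Mon Aug 15 10:54:30 2016 : Debug: identity = "cn=xxxxx,dc=xxxxx,dc=xxx"
Mon Aug 15 10:54:30 2016 : Debug: start_tls = no
Mon Aug 15 10:54:30 2016 : Error: rlm_ldap (ldap): Server said: 80090308:
LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e,
v1db1.
"""

def unwrap(raw):
    """Rejoin records that the mail client wrapped onto following lines."""
    records = []
    for line in raw.splitlines():
        m = STAMP.match(line)
        if m:
            records.append([m.group(1), m.group(2).strip()])
        elif records and line.strip():
            records[-1][1] += " " + line.strip()
    return records

def triage(raw):
    """Collect bind settings and decode the AD sub-code of a failed bind."""
    out = {"settings": {}, "bind_error": None}
    for level, text in unwrap(raw):
        kv, err = SETTING.match(text), LDAPERR.search(text)
        if level == "Debug" and kv:
            out["settings"].setdefault(kv.group(1), kv.group(2))
        if level == "Error" and err:
            code = int(err.group(2), 16)
            out["bind_error"] = (err.group(1), code, AD_BIND_DATA.get(code, "unknown"))
    s = out["settings"]  # simple bind on 389 without StartTLS: password unencrypted
    out["cleartext_bind"] = s.get("port") == "389" and s.get("start_tls") == "no"
    return out
```

Sub-code 52e is Win32 error 1326, which covers the bind name as well as the password, so the `identity` value is worth checking alongside the password.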