LDAP + SASL Freeradius 3.0.11
mbeckler at overturecenter.org
Fri May 6 20:14:52 CEST 2016
From: Danner, Mearl <jmdanner at samford.edu>
Sent: Thursday, May 5, 2016 7:46 PM
To: freeradius-users at lists.freeradius.org
Subject: RE: LDAP + SASL Freeradius 3.0.11
> Sometimes cn is not equal to samaccountname.
I have verified the cn is identical to the samaccountanem. I even renamed the account to make sure it was correct.
> In ad cn is a multivalued attribute. Make sure that the user only has one value in cn and use that value.
I have verified this as well.
I think 52e return specifically means invalid password from my research. It means username valid password/credential invalid.
I wonder if something is happening to the password before it gets sent. I turned commented out sasl mech and did a tcpdump and the password looked correct in the packet.
Also I did tcpdump both with running ldapsearch that worked and freeradius -X that did not and from what is human readable in the capture is very similar.
More information about the Freeradius-Users