LDAP + SASL Freeradius 3.0.11

Matthew Beckler mbeckler at overturecenter.org
Fri May 6 20:14:52 CEST 2016

From: Danner, Mearl <jmdanner at samford.edu>
Sent: Thursday, May 5, 2016 7:46 PM
To: freeradius-users at lists.freeradius.org
Subject: RE: LDAP + SASL Freeradius 3.0.11

> Sometimes cn is not equal to samaccountname.
I have verified the cn is identical to the samaccountname. I even renamed the account to make sure it was correct.

> In AD, cn is a multivalued attribute. Make sure that the user only has one value in cn and use that value.
I have verified this as well.

I think a 52e return specifically means invalid password, from my research. It means username valid, password/credential invalid.

I wonder if something is happening to the password before it gets sent. I commented out sasl mech and did a tcpdump, and the password looked correct in the packet.

Also, I did a tcpdump both while running ldapsearch, which worked, and freeradius -X, which did not, and what is human-readable in the captures is very similar.

