LDAP + SASL Freeradius 3.0.11

Danner, Mearl jmdanner at samford.edu
Tue May 10 16:59:50 CEST 2016



> -----Original Message-----
> From: Freeradius-Users [mailto:freeradius-users-
> bounces+jmdanner=samford.edu at lists.freeradius.org] On Behalf Of
> Matthew Beckler
> Sent: Tuesday, May 10, 2016 8:30 AM
> To: freeradius-users at lists.freeradius.org
> Subject: RE: LDAP + SASL Freeradius 3.0.11
> 
> So since my ldapsearch works but Freeradius does not, I must be doing
> something different in my ldapsearch string than what Freeradius is doing?
> Can anyone tell me what an ldapsearch string with MD5-DIGEST would look
> like to duplicate how Freeradius is trying to do it?
> 
> My current LDAP search string is this and it works fine:
> ldapsearch -LLL -Y "DIGEST-MD5" -h dc.dc.local -U ldaplookup -W -b
> "ou=Users,ou=OU,dc=dc,dc=local" sAMAccountName=usertoget
> 

I'll try again.

Have you tried simple authentication with ldapsearch i.e.:

ldapsearch -x -h host -b basedn -D binddn -W <search parameters>

The mechanism in AD is different with SASL DIGEST-MD5 and simple authentication.

https://msdn.microsoft.com/en-us/library/cc223500.aspx

Third paragraph explains how one might receive the "invalid credentials" error.

Also, have you tried changing the password for the user in case there is some Unicode UTF8 magic going on?

> However I receive the previously mentioned 52e error (invalid credentials)
> when trying to start Freeradius with that user entered in the LDAP config.
> 
> Thanks
> Matt



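An added example, not part of the original thread and not FreeRADIUS or AD code: the DIGEST-MD5 client response as defined in RFC 2831, showing that the value sent depends on the username, the realm and the byte encoding of the password, which is where a non-ASCII password can make two clients disagree. The inputs are the RFC's own worked example plus a constructed non-ASCII password; `always_utf8` is a hypothetical client behaviour used only for comparison.

```python
import hashlib


def rfc2831_encode(text: str) -> bytes:
    """RFC 2831 2.1.2.1 with charset=utf-8: hash as ISO 8859-1 if it fits, else UTF-8."""
    try:
        return text.encode("iso-8859-1")
    except UnicodeEncodeError:
        return text.encode("utf-8")


def always_utf8(text: str) -> bytes:
    """Hypothetical client that skips the ISO 8859-1 step (assumption for comparison)."""
    return text.encode("utf-8")


def digest_md5_response(username, realm, password, nonce, cnonce, digest_uri,
                        nc="00000001", qop="auth", encode=rfc2831_encode):
    """Client 'response' value for qop=auth with no authzid (RFC 2831 2.1.2.1)."""
    secret = hashlib.md5(
        encode(username) + b":" + realm.encode("utf-8") + b":" + encode(password)
    ).digest()
    a1 = secret + b":" + nonce.encode() + b":" + cnonce.encode()
    a2 = b"AUTHENTICATE:" + digest_uri.encode()
    ha1 = hashlib.md5(a1).hexdigest()
    ha2 = hashlib.md5(a2).hexdigest()
    kd = f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}"
    return hashlib.md5(kd.encode()).hexdigest()


# Values from the worked example in RFC 2831 section 4 (password "secret").
RFC_CASE = dict(username="chris", realm="elwood.innosoft.com",
                nonce="OA6MG9tEQGm2hh", cnonce="OA6MHXh6VqTrRk",
                digest_uri="imap/elwood.innosoft.com")


def encoding_matters(password: str) -> bool:
    """True when the two encodings yield different responses for this password."""
    a = digest_md5_response(password=password, **RFC_CASE)
    b = digest_md5_response(password=password, encode=always_utf8, **RFC_CASE)
    return a != b


if __name__ == "__main__":
    print(digest_md5_response(password="secret", **RFC_CASE))
    print("ASCII password differs:", encoding_matters("secret"))
    print("non-ASCII (constructed) differs:", encoding_matters("s\u00e9cret"))
```

A simple bind sends the DN and password as-is, so none of the realm or encoding inputs above come into play there.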