LDAP + SASL Freeradius 3.0.11

Matthew Beckler mbeckler at overturecenter.org
Thu May 12 21:49:08 CEST 2016

So abandoning MD5 trying to get Kerberos working.
I can do an ldapsearch with GSSAPI however when I try to run  sudo freeradius -X I get an error.
Could not find a step by step document on setting up GSSAPI Kerberos to LDAP so I could have missed some steps.
Basically what I have done created keytab file with credentials in it.
I have tested by running Kinit with keytab file then running ldapsearch and I get results successfully.

I set environmental variable KRB5_CLIENT_KTNAME.

Here is the error I get : 

rlm_ldap (ldap): Opening additional connection (0), 1 of 32 pending slots used
rlm_ldap (ldap): Connecting to ldap://srv1.dc.local:389
rlm_ldap (ldap): Starting SASL mech(s): GSSAPI
SASL/GSSAPI authentication started
rlm_ldap (ldap): Bind with ldaplookup at dc.local to ldap://dc.local:389 failed: Local error
rlm_ldap (ldap): Opening connection failed (0)
rlm_ldap (ldap): Removing connection pool
/etc/freeradius/mods-enabled/ldap[8]: Instantiation failed for module "ldap"

Interesting that Sudo Klist before running Freeradius -X says  "Credentials cache file not found" after running freeradius -x I now have a cache file so it appears to be getting past the part similar to kinit.


More information about the Freeradius-Users mailing list