LDAP + SASL Freeradius 3.0.11

Matthew Beckler mbeckler at overturecenter.org
Sun May 15 18:01:35 CEST 2016




________________________________
From: Isaac Boukris <iboukris at gmail.com>
Sent: Friday, May 13, 2016 11:47 AM
To: FreeRadius users mailing list
Subject: Re: LDAP + SASL Freeradius 3.0.11


>Let's leave client keytab aside, if you run 'kinit' followed by
>'radiusd -X' does it work (identity commented out)?
>And makes sure to specify correct FQDN of the DC server.

Same error. Ldapsearch did work after I tried freeradius -X
So What I did was this :
sudo kinit ldaplookup
sudo freeradius -X

Got this:
rlm_ldap (ldap): Opening additional connection (0), 1 of 32 pending slots used
rlm_ldap (ldap): Connecting to ldap://dc01.dc.local:389
rlm_ldap (ldap): Starting SASL mech(s): GSSAPI
SASL/GSSAPI authentication started
rlm_ldap (ldap): Bind with (anonymous) to ldap://ovdc01.ov.local:389 failed: Local error
rlm_ldap (ldap): Opening connection failed (0)
rlm_ldap (ldap): Removing connection pool
/etc/freeradius/mods-enabled/ldap[8]: Instantiation failed for module "ldap"

Then ran ldapsearch and it worked
sudo ldapsearch -LLL -h dc01.dc.local -b "ou=Users,dc=dc,dc=local" sAMAccountName

SASL/GSSAPI authentication started
SASL username: ldaplookup at dc.LOCAL
SASL SSF: 56
SASL data security layer installed.

Matt




More information about the Freeradius-Users mailing list