LDAP + SASL Freeradius 3.0.11

Arran Cudbard-Bell a.cudbardb at freeradius.org
Sun May 15 18:14:18 CEST 2016


> On 15 May 2016, at 12:01, Matthew Beckler <mbeckler at overturecenter.org> wrote:
> 
> 
> 
> 
> ________________________________
> From: Isaac Boukris <iboukris at gmail.com>
> Sent: Friday, May 13, 2016 11:47 AM
> To: FreeRadius users mailing list
> Subject: Re: LDAP + SASL Freeradius 3.0.11
> 
> 
>> Let's leave client keytab aside, if you run 'kinit' followed by
>> 'radiusd -X' does it work (identity commented out)?
>> And make sure to specify the correct FQDN of the DC server.
> 
> Same error. Ldapsearch did work after I tried freeradius -X.
> So what I did was this:
> sudo kinit ldaplookup
> sudo freeradius -X

Try with v3.1.x just in case some fixes went in there.

You also may need to specify keytab location and various other bits as environmental variables.

	#
	#  SASL parameters to use for admin binds
	#
	#  When we're prompted by the SASL library, the config items in the SASL
	#  section (in addition to the identity password config items above)
	#  determine the responses given.
	#
	#  If any directive is commented out, a NULL response will be
	#  provided to cyrus-sasl.
	#
	#  Unfortunately the only way to control Kerberos here is through
	#  environmental variables, as cyrus-sasl provides no API to
	#  set the kerberos (libkrb5) config directly.
	#
	#  Full documentation for MIT krb5 can be found here:
	#
	#	http://web.mit.edu/kerberos/krb5-devel/doc/admin/env_variables.html
	#
	#  At a minimum you probably want to set KRB5_CLIENT_KTNAME.
	#
	sasl {
		# SASL mechanism
#		mech = 'PLAIN'

		# SASL authorisation identity to proxy.
#		proxy = 'autz_id'

		# SASL realm. Used for kerberos.
#		realm = 'example.org'
	}

-Arran

Arran Cudbard-Bell <a.cudbardb at freeradius.org>
FreeRADIUS Development Team

FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2
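
Added example, not part of the message above and not FreeRADIUS project code: a shell pre-flight that checks the client keytab and exports the MIT krb5 environment variables before the server is started, so the SASL bind does not depend on a ticket left behind by `sudo kinit`. The keytab and credential-cache paths in the usage comment are hypothetical placeholders; `freeradius -X` is the command from the thread.

```shell
#!/bin/sh
# Pre-flight for a FreeRADIUS LDAP admin bind over SASL with Kerberos.
# cyrus-sasl hands Kerberos to libkrb5, which is configured only
# through the process environment.

# check_keytab PATH
#   0 = regular, readable file with no group/other permission bits
#   1 = missing, 2 = unreadable by the current user, 3 = mode too open
check_keytab() {
    kt=$1
    [ -f "$kt" ] || { echo "keytab missing: $kt" >&2; return 1; }
    [ -r "$kt" ] || { echo "keytab unreadable by $(id -un): $kt" >&2; return 2; }
    # GNU stat takes -c, BSD stat takes -f; try both.
    mode=$(stat -c '%a' "$kt" 2>/dev/null || stat -f '%Lp' "$kt")
    case $mode in
        *00) return 0 ;;
        *)   echo "keytab mode $mode is open to group/other: $kt" >&2
             return 3 ;;
    esac
}

# krb5_env KEYTAB [CCACHE]
#   Exports KRB5_CLIENT_KTNAME so libkrb5 can obtain the initial ticket
#   from the keytab itself. With CCACHE given, also exports KRB5CCNAME so
#   the service's tickets stay separate from any interactive kinit cache.
krb5_env() {
    check_keytab "$1" || return $?
    KRB5_CLIENT_KTNAME="FILE:$1"
    export KRB5_CLIENT_KTNAME
    if [ -n "${2:-}" ]; then
        KRB5CCNAME="FILE:$2"
        export KRB5CCNAME
    fi
}

# Usage (hypothetical paths; run as the user the server starts as):
#   krb5_env /etc/freeradius/ldaplookup.keytab /var/run/freeradius/krb5cc \
#       && exec freeradius -X
# For troubleshooting, KRB5_TRACE=/dev/stderr makes libkrb5 log which
# keytab and credential cache it actually used.
```

A keytab holds long-term keys for the principal, so the mode check treats any group or other permission bit as a failure rather than a warning.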
