Freeradius 3 - eDirectory Problem

Willy Offermans FreeWilly at Offermans.Rompen.nl
Tue May 17 16:08:09 CEST 2016


Dear Bebbet,

Are you familiar with ldap tools, such as ldapsearch etc? If yes, I would 
recommend to search your ``ldap'' server using these tools. Apply exactly 
the same base and filter, as you specified in your freeradius config. I 
would expect the same number of records. If not, then this is weird and needs 
a deeper investigation. If yes, narrow down the number of records with your 
filter, till you get your desired result. Put this filter into the config 
file of freeradius.

There is another interesting warning in the debug info: ``Performing 
unfiltered search in "", scope "sub"''. This needs a second thought as well.


On Tue, May 17, 2016 at 03:38:47PM +0200, Bebbet van Dinges wrote:
> Hello Willy,
> 
> Yes, I gathered that much, only I'm not sure how to continue. I've tested
> quite some different possible filters, but all seem to do exactly the
> same, with the same 17** results. Have I overlooked something?
> 
> Kind regards,
> Bebbet
> 
> On 17-5-2016 15:35, Willy Offermans wrote:
> > Dear Bebbet,
> > 
> > Your answer is already included in the debug information:
> > 
> > ``specify a more restrictive base_dn, filter or scope''
> > 
> > Your ``ldap'' server returns more than 1 result upon request. This is not 
> > expected.
> > 
> > 
> > On Tue, May 17, 2016 at 03:20:12PM +0200, Bebbet van Dinges wrote:
> >> Hello,
> >>
> >> I'm trying to authorize/authenticate my wifi users against edirectory
> >> with Freeradius3, which doesn't work. It worked with this configuration
> >> in 2.2, but doesn't seem to provide the required result anymore.
> >>
> >> I hope you can give me some pointers where to look next.
> >>
> >> Yours sincerely,
> >> Bebbet
> >>
> >>
> >> from raddebug:
> >>
> >> (74) Tue May 17 12:19:27 2016: Debug: openldap: Performing unfiltered
> >> search in "", scope "sub"
> >> (74) Tue May 17 12:19:27 2016: Debug: openldap: Waiting for search result...
> >> (74) Tue May 17 12:19:30 2016: ERROR: openldap: Ambiguous search result,
> >> returned 1723 unsorted entries (should return 1 or 0).  Enable sorting,
> >> or specify a more restrictive base_dn, filter or scope
> >> (74) Tue May 17 12:19:30 2016: ERROR: openldap: The following entries
> >> were returned:
> >>
> >>
> >> [All the records in our directory]
> >>
> >>
> >> /usr/loca/pf/raddb/modules-enabled/ldap:
> >>
> >>         ldap openldap {
> >>                 server = "dns3.desaad.nl"
> >>                 port = 636
> >>                 identity = "cn=admin,o=desaad"
> >>                 password = "You wish.."
> >>                 basedn = "o=desaad"
> >>         #       filter = "(cn=%{mschap:User-Name})"
> >>                 filter = "(&(objectClass=inetOrgPerson)(uid=%{Stripped-User-Name:-%{User-Name}}))"
> >>                 ldap_connections_number = 5
> >>                 timeout = 4
> >>                 timelimit = 3
> >>                 net_timeout = 1
> >>
> >>
> >>                 access_attr = cn
> >>                 password_attribute = nspmPassword
> >>
> >>
> >>                 tls {
> >>                         start_tls = no
> >>                         require_cert = "allow"
> >>                 }
> >>                 dictionary_mapping = ${confdir}/ldap.attrmap
> >>                 edir_account_policy_check = yes
> >>
> >>                 keepalive {
> >>                         # LDAP_OPT_X_KEEPALIVE_IDLE
> >>                         idle = 60
> >>
> >>                         # LDAP_OPT_X_KEEPALIVE_PROBES
> >>                         probes = 3
> >>
> >>                         # LDAP_OPT_X_KEEPALIVE_INTERVAL
> >>                         interval = 3
> >>                 }
> >>         }
> >> -
> >> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
> > 
> 





-- 
Met vriendelijke groeten,
With kind regards,
Mit freundlichen Gruessen,
De jrus wah,

Will

*************************************

                                       Powered by ....

                                            (__)
                                         \\\'',)
                                           \/  \ ^
                                           .\._/_)

                                       www.FreeBSD.org
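
The ldapsearch check suggested in the reply above, as an added example that is not part of the original thread: it replays both the base and filter from the posted config and the empty-base, unfiltered search the debug log reports, and counts the entries each returns. The function names, the constructed `ou=staff` sample entries and the use of `(objectClass=*)` (ldapsearch's default filter) for the "unfiltered" search are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): count what a FreeRADIUS-style user
# lookup returns. Server, bind DN, base and filter are the values posted above.
URI="ldaps://dns3.desaad.nl:636"
BIND_DN="cn=admin,o=desaad"
# Constructed sample of "ldapsearch -LLL ... dn" output, for offline checks.
SAMPLE_LDIF='dn: cn=jdoe,ou=staff,o=desaad

dn: cn=asmith,ou=staff,o=desaad
'

# Escape RFC 4515 filter metacharacters in the user name before substitution.
ldap_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' \
                           -e 's/(/\\28/g' -e 's/)/\\29/g'
}

# The configured filter with %{Stripped-User-Name:-%{User-Name}} expanded.
build_filter() {
    printf '(&(objectClass=inetOrgPerson)(uid=%s))' "$(ldap_escape "$1")"
}

# Count entries in LDIF on stdin: each entry starts with "dn:" or "dn::".
count_entries() {
    grep -c -E '^dn::? ' || true
}

# The module accepts 0 or 1 entries; anything else is the "Ambiguous" error.
classify() {
    case "$1" in
        0) echo "no-match" ;;
        1) echo "ok" ;;
        *) echo "ambiguous" ;;
    esac
}

# Live search: $1 = base DN, $2 = filter. Prompts for the bind password (-W).
run_search() {
    ldapsearch -x -LLL -H "$URI" -D "$BIND_DN" -W -b "$1" -s sub "$2" dn
}

# Compare the search the config asks for with the one the debug log shows.
compare_searches() {
    configured=$(run_search "o=desaad" "$(build_filter "$1")" | count_entries)
    logged=$(run_search "" "(objectClass=*)" | count_entries)
    echo "configured: $configured ($(classify "$configured"))"
    echo "as logged:  $logged ($(classify "$logged"))"
}

# Only contact the server when a user name is given on the command line.
if [ -n "${1:-}" ]; then compare_searches "$1"; fi
```

If the configured search returns one entry while the logged one returns the whole directory, the server is answering correctly and the module is not using the base and filter from the config.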


More information about the Freeradius-Users mailing list