LDAP, SASL GSSAPI, and group membership, rebind fails

Alan DeKok aland at deployingradius.com
Thu Sep 29 21:39:57 CEST 2016


> On Sep 29, 2016, at 3:04 PM, Tom Carroll <Thomas.Carroll at pnnl.gov> wrote:
> 
> Hello list,
> 
> I'm experiencing difficulties with freeradius-3.0.11 when using Ldap-Group and SASL GSSAPI mechanism.
> 
> rlm_ldap can successfully query for user accounts, binding anonymously and SASL GSSAPI. But when it queries for group membership, rebind operation fails, erroring:
> 
> Strong(er) authentication required
> Server said: SASL:[GSSAPI]: Sign or Seal are required..

  Fix your LDAP server so that FreeRADIUS is allowed to search it.  Typically this is done by making a read-only admin account in LDAP, and using that with FreeRADIUS.

  Alan DeKok.



