LDAP, SASL GSSAPI, and group membership, rebind fails
Alan DeKok
aland at deployingradius.com
Thu Sep 29 21:39:57 CEST 2016
> On Sep 29, 2016, at 3:04 PM, Tom Carroll <Thomas.Carroll at pnnl.gov> wrote:
>
> Hello list,
>
> I'm experiencing difficulties with freeradius-3.0.11 when using Ldap-Group and SASL GSSAPI mechanism.
>
> rlm_ldap can successfully query for user accounts, binding anonymously and SASL GSSAPI. But when it queries for group membership, rebind operation fails, erroring:
>
> Strong(er) authentication required
> Server said: SASL:[GSSAPI]: Sign or Seal are required..
Fix your LDAP server so that FreeRADIUS is allowed to search it. Typically this is done by making a read-only admin account in LDAP, and using that with FreeRADIUS.
Alan DeKok.