winbindd_priv dont exist

Alan DeKok aland at deployingradius.com
Wed Dec 13 20:55:28 CET 2017


On Dec 13, 2017, at 2:21 PM, Carlos Bordon <cgermanb at live.com.ar> wrote:
> 
> the cokmplete debug, thanks

  Again... please follow instructions.  "radiusd -X", not "radiusd -Xx" or anything else.

...
including configuration file /etc/raddb/mods-enabled/ldap

  And then:

ldap {
...
 options {
 	ldap_debug = 40
 	chase_referrals = yes
 	rebind = yes
 	net_timeout = 1

  So that's good.

  And then:

ERROR: (0) ldap: Failed performing search: Please set 'chase_referrals=yes' and 'rebind=yes'. See the ldap module configuration for details.

  I'll push a fix for 3.0.16 that doesn't complain if you've already set that. I can see why that's confusing.

ERROR: (0) ldap: Server said: 00002020: Operation unavailable without authentication. 

  So that should be instructive.  Looking at the LDAP module configuration in /etc/raddb/mods-enabled/ldap,  we see:

	#  Administrator account for searching and possibly modifying.
	#  If using SASL + KRB5 these should be commented out.
#	identity = 'cn=admin,dc=example,dc=org'
#	password = bypass

  So you should set that.

  Your AD server is configured to disallow anonymous binds.  It requires a username / password.

  Alan DeKok.

  


More information about the Freeradius-Users mailing list