Freeradius 3.0.17 EAP-TLS Authentication with LDAP Authorization
Kevin Virk
Kevin.Virk at faithlife.com
Wed Aug 22 17:43:57 CEST 2018
Thank you Alan! That is what I assumed; however, I was told that this was the LDAP querying account, but it must not be, because then a successful bind would occur. Thank you for your time, I appreciate it!
From: Freeradius-Users <freeradius-users-bounces+kevin.virk=faithlife.com at lists.freeradius.org> on behalf of freeradius-users-request at lists.freeradius.org <freeradius-users-request at lists.freeradius.org>
Sent: Wednesday, August 22, 2018 3:00 AM
To: freeradius-users at lists.freeradius.org
Subject: Freeradius-Users Digest, Vol 160, Issue 45
Message: 1
Date: Tue, 21 Aug 2018 18:09:19 -0400
From: Alan DeKok <aland at deployingradius.com>
To: FreeRadius users mailing list
<freeradius-users at lists.freeradius.org>
Subject: Re: Freeradius 3.0.17 EAP-TLS Authentication with LDAP
Authorization
Message-ID: <FDDB0943-3129-4341-8965-7D98F5AAF5E4 at deployingradius.com>
Content-Type: text/plain; charset=us-ascii
> On Aug 21, 2018, at 3:29 PM, Kevin Virk <Kevin.Virk at faithlife.com> wrote:
>
> Hello all, I have followed previous advice given to me and upgraded my install to FreeRADIUS 3.0.17. I am trying to achieve a setup where computers are let onto the company internet via EAP-TLS and then are separated into VLANs with LDAP after this. Currently I believe I have EAP-TLS working, as my eapol_test has been successful. However, after adding in the LDAP module I am getting a bind error, which I know is an LDAP error and not a FreeRADIUS one. I was hoping someone here could take a look at my debug info and see if I have overlooked anything.
The debug message should be clear:
> ...
> (6) ldap: Performing search in "dc=Domain,dc=net" with filter "(samaccountname=client.pem)", scope "sub"
> (6) ldap: Waiting for search result...
> (6) ldap: ERROR: Failed performing search: Operations error with LDAP database. Please see the LDAP server configuration / documentation for more information.
> (6) ldap: ERROR: Server said: 000004DC: LdapErr: DSID-0C0907C2, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v2580.
The LDAP database requires FreeRADIUS to do a bind before a search. That message should be clear.
Fix the LDAP database so that it lets FreeRADIUS do searches.
The LDAP module is configured as:
ldap {
server = "Domain.net"
identity = "cn=ldap.query,ou=service.accounts,ou=Users,ou=operations,ou=departments,dc=Domain,dc=net"
password = <<< secret >>>
That user identity isn't allowed to do LDAP searches.
So... fix the LDAP database so that user identity can do LDAP searches.
Alan DeKok.
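A quick way to settle the question raised in this thread, whether the service account can bind and then search, is to replay the same bind and search outside FreeRADIUS with OpenLDAP's ldapsearch. The script below is an added example, not something posted in the thread or shipped with FreeRADIUS. The bind DN, base DN and filter are copied from the quoted debug output; the LDAPS URI for "Domain.net" and the prompted password are assumptions. ldapsearch exits with the LDAP result code, so the exit status tells you which layer is failing: 49 means the identity or password is wrong (no bind happened, which is what AD's 000004DC message describes on the next search), 50 means the bind worked but the account lacks search rights, and 0 with no entry returned means the base DN or filter is wrong.

```shell
#!/bin/sh
# Added diagnostic (not from the thread or the FreeRADIUS project): replay
# the simple bind + subtree search that rlm_ldap performs, using ldapsearch,
# so the service account's rights can be checked independently of FreeRADIUS.
# Bind DN, base DN and filter come from the debug output quoted above; the
# LDAPS URI and the password prompt are assumptions for this example.

LDAP_URI="${LDAP_URI:-ldaps://Domain.net}"
BIND_DN="${BIND_DN:-cn=ldap.query,ou=service.accounts,ou=Users,ou=operations,ou=departments,dc=Domain,dc=net}"
BASE_DN="${BASE_DN:-dc=Domain,dc=net}"
FILTER="${FILTER:-(sAMAccountName=client.pem)}"

# ldapsearch exits with the LDAP resultCode of the failed operation (RFC 4511
# section 4.1.9). Map the codes seen in practice to the likely misconfiguration.
explain_result() {
    case "$1" in
        0)  echo "success: bind and search both worked; if no entry was printed, check base_dn and the filter" ;;
        1)  echo "operationsError: the server refused the search on this connection (Active Directory returns this, with 000004DC, when no bind has completed)" ;;
        32) echo "noSuchObject: the base DN does not exist on this server" ;;
        49) echo "invalidCredentials: the bind DN or password configured as identity/password is wrong" ;;
        50) echo "insufficientAccessRights: the account bound, but is not allowed to search under the base DN" ;;
        *)  echo "LDAP result code $1: see RFC 4511 section 4.1.9" ;;
    esac
}

# Simple bind (-x) as the service account (-D), then the same subtree search
# FreeRADIUS ran. -W prompts for the password so it stays out of shell history
# and the process list. Only the attributes rlm_ldap would care about are asked for.
check_ldap_account() {
    ldapsearch -x -H "$LDAP_URI" -D "$BIND_DN" -W \
        -b "$BASE_DN" -s sub "$FILTER" sAMAccountName memberOf
    rc=$?
    echo "ldapsearch exit status: $rc"
    explain_result "$rc"
    return "$rc"
}

# Run the live check only when explicitly requested, so the helper functions
# can also be sourced without contacting the directory.
if [ "${LDAP_CHECK:-0}" = "1" ]; then
    check_ldap_account
fi
```

Run it with `LDAP_CHECK=1 sh ldap_check.sh` from the FreeRADIUS host so that DNS, firewall and TLS trust are tested from the same vantage point as the ldap module. If the bind succeeds here but FreeRADIUS still gets 000004DC, compare the identity line in mods-available/ldap character by character with the DN that worked, since a DN typo makes rlm_ldap fall back to an unbound connection for the search.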