Problem with authentication against FreeIPA
mcn at freeradius.org
Thu Aug 22 12:27:01 CEST 2019
On Thu, 2019-08-22 at 06:41 +0000, Daniel Osielczak via Freeradius-
> FreeRADIUS Version 3.0.13
> rlm_ldap (ldap): Connecting to ldap://ipa1.domain:389
> TLSMC: MozNSS compatibility interception begins.
> tlsmc_convert: INFO: cannot open the NSS DB, expecting PEM configuration is present.
> tlsmc_intercept_initialization: INFO: successfully intercepted TLS initialization. Continuing with OpenSSL only.
> TLSMC: MozNSS compatibility interception ends.
> (0) ldap: Using user DN from request "uid=newldaptest,cn=users,cn=accounts,dc=domain"
> (0) ldap: Starting SASL mech(s): GSSAPI
> SASL/GSSAPI authentication started
> (0) ldap: ERROR: Bind with uid=newldaptest,cn=users,cn=accounts,dc=domain to ldap://ipa1.domain:389 failed: Local error
Looks like you're using CentOS/RHEL, which has ldap compiled against
NSS. That breaks things with FreeRADIUS (compiled against OpenSSL).
Try installing the FreeRADIUS packages from
https://packages.networkradius.com/ and follow the instructions on that
page to install the LDAP libraries from the LTB project instead, which
are compiled against OpenSSL.
More information about the Freeradius-Users