Problem with authentication against FreeIPA
aland at deployingradius.com
Mon Oct 21 13:47:33 CEST 2019
On Oct 21, 2019, at 6:04 AM, Daniel Osielczak via Freeradius-Users <freeradius-users at lists.freeradius.org> wrote
> I got it to work but there is a weird issue with SASL:
> rlm_ldap: libldap vendor: OpenLDAP, version: 20448
> rlm_ldap (ldap): Couldn't find configuration for accounting, will return NOOP for calls from this section
> rlm_ldap (ldap): Couldn't find configuration for post-auth, will return NOOP for calls from this section
> /etc/raddb/mods-enabled/ldap: Configuration item 'sasl.mech' not supported. Linked libldap does not provide ldap_sasl_interactive_bind function
> /etc/raddb/mods-enabled/ldap: Instantiation failed for module "ldap"
> This is by no means a deal-braker in our current setup so I continue to use radius without SALS but I find it odd, especially that both libldaps (the CentOS one and the NetworkRADIUS one) actually provide this function.
The message really means that SASL was not found when rlm_ldap was built. It doesn't really matter if libldap provides a ldap_sasl_interactive_bind function, as it's hard for rlm_ldap to determine that at run-time.
> Any idea why that is?
rlm_ldap has to be built with SASL support. See the output of configure as to why it's not building with SASL support.
More information about the Freeradius-Users