Problem with LDAP queries

Alan DeKok aland at deployingradius.com
Mon Sep 9 15:30:07 CEST 2019


On Sep 7, 2019, at 5:57 PM, edson luiz <xxicx at hotmail.com> wrote:
> 
> I currently have a freeradius + LDAP server, and I'm having a big problem: authentication works inconsistently, even for valid users with correct credentials. There are times when the user authenticates and times when they do not, and this error is displayed:
> (11) ldap: ERROR: Bind with uid = test, or = wifi, dc = test, dc = org to ldap: //X.X.X.X failed: Other (e.g., implementation specific) error

  That's unhelpful.  This error comes directly from LDAP, so there isn't much that we can do about it.

> (11) ldap: ERROR: Server said: Failure authenticating with password.
> 
> The curious thing is that the problem only occurs in the authentication phase. I captured and analyzed the traffic of the queries and, strangely, the information goes out incorrectly: it uses information from another user (one of the last connections), mixing everything. I think this is the problem, but I don't know what is causing it.

  The server doesn't do that.  For the simple reason that each request is processed in isolation.  There's no way for one request to get the information of another request.

  LDAP connections are re-used for performance, but that can't cause this issue.  The LDAP connections *only* do queries using the admin name/password supplied in the configuration.  If FreeRADIUS does a "bind as user" with a connection, then it closes the connection.  This prevents cross-contamination of user credentials.

  But one connection *will* do queries for multiple users.  That's by design, and it's documented as doing that.

  If you really want to see what's going on, then post the debug output.

  Alan DeKok.
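
The connection handling described in the reply above, as a toy model added here for illustration; it is not part of the original message and is not FreeRADIUS source code. `FakeConn`, `Pool`, `authenticate` and all sample DNs and passwords are hypothetical names and constructed values.

```python
from collections import deque

ADMIN_DN = "cn=admin,dc=example,dc=org"          # constructed sample value
DIRECTORY = {                                     # constructed sample entries
    "alice": {"dn": "uid=alice,ou=wifi,dc=example,dc=org", "password": "a-secret"},
    "bob":   {"dn": "uid=bob,ou=wifi,dc=example,dc=org",   "password": "b-secret"},
}

class FakeConn:
    """Stand-in for an LDAP connection; records the identity it is bound as."""
    def __init__(self):
        self.bound_as, self.is_open = ADMIN_DN, True

    def search_dn(self, uid):
        entry = DIRECTORY.get(uid)
        return entry["dn"] if entry else None

    def bind(self, dn, password):
        ok = any(e["dn"] == dn and e["password"] == password
                 for e in DIRECTORY.values())
        self.bound_as = dn if ok else None        # either way, no longer the admin
        return ok

class Pool:
    """Reuses connections, but only while they still carry the admin identity."""
    def __init__(self, size=2):
        self.idle = deque(FakeConn() for _ in range(size))
        self.closed = 0

    def acquire(self):
        return self.idle.popleft() if self.idle else FakeConn()

    def release(self, conn):
        if conn.bound_as == ADMIN_DN:             # still admin: safe to reuse
            self.idle.append(conn)
        else:                                     # rebound as a user: discard
            conn.is_open = False
            self.closed += 1

def authenticate(pool, uid, password):
    conn = pool.acquire()
    dn = conn.search_dn(uid)                      # lookup runs as the admin identity
    ok = dn is not None and conn.bind(dn, password)  # "bind as user" on this connection
    pool.release(conn)                            # closed if the bind changed its identity
    return ok
```

In this model one pooled connection serves lookups for many users, yet no connection that has attempted a user bind is ever handed to a later request.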



