OpenDirectory Authentication fails
Alan DeKok
aland at deployingradius.com
Tue Feb 4 16:48:55 CET 2020
On Feb 4, 2020, at 7:05 AM, Carsten Kirschner via Freeradius-Users <freeradius-users at lists.freeradius.org> wrote:
>
> We have freeradius with the open directory plugin, which accesses a mac server to authenticate users. This works for most users, but we have a few users that experience errors that I cannot understand.
>
> In the inner tunnel the OpenDirectory plugin accesses the server and when it fails it logs a weird value for shortUserName (HWeissbrodt7.0.0A?؎???). For the users who can use the radius server, username_string and shortUserName are the same.
The shortUserName comes from OpenDirectory. i.e. FreeRADIUS asks OpenDirectory for the short name, and that's what OD returns.
> I traced the debug print to https://github.com/ether42/freeradius-ldap-kerberos/blob/master/radius/freeradius-server-3.1.0/src/modules/rlm_mschap/opendir.c#L153
Huh? There *is* an official FreeRADIUS repository: https://github.com/FreeRADIUS/freeradius-server/
> which suggests — for me — that it is a problem with the open directory communication, but I am neither sure nor can I see how the shortUserName can become that strange in the first place.
I don't know. If that's what comes back from OpenDirectory, there isn't much that FreeRADIUS can do about it.
Alan DeKok.