OpenDirectory Authentication fails

Alan DeKok aland at deployingradius.com
Tue Feb 4 16:48:55 CET 2020


On Feb 4, 2020, at 7:05 AM, Carsten Kirschner via Freeradius-Users <freeradius-users at lists.freeradius.org> wrote:
> 
>    We have freeradius with the open directory plugin, which accesses a Mac server to authenticate users. This works for most users, but we have a few users that experience errors that I cannot understand.
> 
>    In the inner tunnel the OpenDirectory plugin accesses the server and when it fails it logs a weird value for shortUserName (HWeissbrodt7.0.0A?؎???). For the users who can use the radius server, username_string and shortUserName are the same.

  The shortUserName comes from OpenDirectory.  i.e. FreeRADIUS asks OpenDirectory for the short name, and that's what OD returns.

>    I traced the debug print to https://github.com/ether42/freeradius-ldap-kerberos/blob/master/radius/freeradius-server-3.1.0/src/modules/rlm_mschap/opendir.c#L153

  Huh?  There *is* an official FreeRADIUS repository:  https://github.com/FreeRADIUS/freeradius-server/

> which suggests — for me — that it is a problem with the open directory communication, but I am neither sure nor can I see how the shortUserName can become that strange in the first place.

  I don't know.  If that's what comes back from OpenDirectory, there isn't much that FreeRADIUS can do about it.

  Alan DeKok.



