I would like to ldap bind with username instead of DN

Alan DeKok aland at deployingradius.com
Sun Jun 21 23:12:10 CEST 2020


On Jun 21, 2020, at 4:26 PM, Wessel Louwris <wessel at stutit.nl> wrote:
> Well, from this wiki:  "start the server in debugging mode: radiusd -X”
> which is what I did.
> 
> And: “If you get stuck, ask for help on the freeradius-users mailing list. Include a description of what you are trying to do, and the entire debugging output, especially output showing the server receiving and processing test packets.”
> 
> Maybe I understand things wrong, but the “especially” statement is kind of saying “not the whole process of starting up the server” . 

  "Especially" in this case means "please include packet processing".  It doesn't mean "delete everything else".

  And why do we say "please include packet processing"?  Because when we just said "post the debug output", we had an endless stream of people posting the debug output where the server started up... and didn't process packets.  How they expected to debug packet processing that way, I have zero clue.

  So the message is pretty clear: no matter what we say, people will interpret it as the *opposite* of what we said.

> So I posted only my output showing the server receiving and processing test packets. At least, I think I did that. 
> But for Alan’s response I think start up is the part he’s missing? 

  The wiki page shows a FULL debug output.  Starting up, AND packet processing.  You were told to NOT edit the debug output, and instead post the FULL debug output.  So... an edited debug output was posted.

> Anyway… I have an idea where I should be looking at: only using LDAP for authenticate and using the files part for authorization. I’m diving into the docs etc now. 

  That would be nice.

  What I *don't* like is hiding information.  If you use some random docker image to run FreeRADIUS, then you need to SAY SO in the first message to the list.  Or, you need to contact the author of that image, and ask him why his image doesn't work.  When you ask us to debug someone else's broken configuration, it's annoying.

  Our software works.  Our documentation is pretty good.  To the point where a high percentage of messages on this list are "PLEASE FOR THE LOVE OF GOD READ THE DOCS".

  Alan DeKok.




More information about the Freeradius-Users mailing list