
List:       freeradius-users
Subject:    Re: FreeRadius LDAP group verification not working for me
From:       Alan DeKok <aland () deployingradius ! com>
Date:       2019-12-13 14:13:17
Message-ID: 87578F30-2286-4734-AEC8-BC61D2B78343 () deployingradius ! com



> On Dec 13, 2019, at 8:57 AM, Condor via Freeradius-Users <freeradius-users@lists.freeradius.org> wrote:
> 
> Hi all, I'm really brand new on freeradius. I'm using freeradius 3.0.4

  Upgrade to 3.0.20. There are a lot of fixes.

> with ldap, ldap authentication works fine for me with "o=organitation" but not with
> group = cn, maybe the ldap configuration is not the standard. I'm following this
> thread: lists.freeradius.org/pipermail/freeradius-users/2016-December/085971.html

  Why?  The comments in the default configuration are pretty darned clear.


> For me:
> in /mods-available/ldap

  Please read the documentation: http://wiki.freeradius.org/list-help

  We don't need to see the configuration files.

> on radius -X :
> Received Access-Request Id 125 from y.y.y.y:42420 to x.x.x.x:1812 length 78 \
> User-Name = 'usertest' User-Password = '*****' NAS-IP-Address = 127.0.1.1 NAS-Port \
> = 0 Message-Authenticator = 0x075a82e674d1e57b22856618bd3adc87(2) Received \
> Access-Request packet from host y.y.y.y port 42420, id=125, length=78(2)  User-Name \
> = 'usertest'(2)  User-Password = '*****'(2)  NAS-IP-Address = 127.0.1.1(2)  \
> NAS-Port = 0(2)  Message-Authenticator = 0x075a82e674d1e57b22856618bd3adc87(2)

  That's pretty much destroyed.  Please POST TEXT.  And NOT REFORMATTED TEXT.

  You should be able to see this in your mailer before you send the message.

> ... EXPAND o=organitation,cn=telecom(2)  ldap :    --> o=organitation,cn=telecom(2) \
> ldap : Performing search in 'o=organitation,cn=telecom' with filter \
> '(uid=usertest)', scope 'sub'(2)  ldap : Waiting for search result...(2)  ERROR: \
> ldap : Failed performing search: The specified DN wasn't found, check base_dn and \
> identity

  That seems to be pretty clear.

  The DN isn't found.  Or, the admin user doesn't have permission to read the DN.

  Upgrade to 3.0.20.  One of the things you'll find in the default config for the
"ldap" module is more documentation.  Including explicit instructions for testing the
LDAP parameters using the "ldapsearch" command.

> # in the "default" server

  We don't need to see the configuration files.

  Alan DeKok.



-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
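
Added example (not part of the original message, and not FreeRADIUS code): a shell script that turns the `Performing search in ...` debug line into the equivalent `ldapsearch` command, and maps the result code `ldapsearch` reports to the causes named in the reply. `LDAP_URI`, `BIND_DN`, the function names and the sample line are assumptions made for illustration.

```shell
#!/bin/sh
# LDAP_URI and BIND_DN are placeholders (assumptions): set them to the values of
# "server" and "identity" from your own ldap module configuration.
LDAP_URI="${LDAP_URI:-ldap://ldap.example.org}"
BIND_DN="${BIND_DN:-cn=admin,dc=example,dc=org}"

# Pull one quoted field out of a "Performing search in ..." debug line.
# $1 = debug line, $2 = keyword preceding the quoted value (in, filter, scope)
debug_field() {
    printf '%s\n' "$1" | sed -n "s/.*Performing search.* $2 '\([^']*\)'.*/\1/p"
}

# Print the ldapsearch invocation equivalent to the logged search.
# -x simple bind, -W prompt for the password (keeps it out of shell history),
# -b search base, -s scope; the trailing "dn" asks only for entry names.
ldapsearch_from_debug() {
    base=$(debug_field "$1" in)
    filter=$(debug_field "$1" filter)
    scope=$(debug_field "$1" scope)
    [ -n "$base" ] && [ -n "$filter" ] && [ -n "$scope" ] || return 1
    printf "ldapsearch -x -H '%s' -D '%s' -W -b '%s' -s '%s' '%s' dn\n" \
        "$LDAP_URI" "$BIND_DN" "$base" "$scope" "$filter"
}

# Map the numeric LDAP result code (RFC 4511) that ldapsearch reports to a cause.
explain_result() {
    case "$1" in
        0)  echo "search ran: base_dn exists and identity can read it" ;;
        32) echo "noSuchObject: base_dn is wrong, or identity may not read it" ;;
        49) echo "invalidCredentials: identity/password rejected at bind" ;;
        50) echo "insufficientAccessRights: identity may not search this base" ;;
        *)  echo "other LDAP result code: $1" ;;
    esac
}

# Constructed sample: the search line from the quoted debug output, on one line.
SAMPLE="(2)  ldap : Performing search in 'o=organitation,cn=telecom' with filter '(uid=usertest)', scope 'sub'"
ldapsearch_from_debug "$SAMPLE"
explain_result 32
```

Run the printed command from the RADIUS server itself, so the test uses the same network path and bind identity as the module.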

