Having a problem with the LDAP search with Active Directory. The query does not come back with a basedn of “dc=rp,dc=com”; it does come back with a query basedn “cn=User, dc=rp,dc=com”. I did a query with ldapsearch and it came back both ways, and fast.

So it is something with FreeRadius not seeing the packet come back. I used ethereal and the packet did come back, FR just did not see it.

Thanks,

Ron

Here is the data:

This query worked with basedn=cn=Users,dc=rp,dc=com. There are only 2 users in this Active Directory database, so it’s not big. Time should not be a problem.

Mon Mar 29 17:23:28 2004 : Debug: rlm_ldap: - authorize
Mon Mar 29 17:23:28 2004 : Debug: rlm_ldap: performing user authorization for brian
Mon Mar 29 17:23:28 2004 : Debug: radius_xlat:  '(SamAccountName=brian)'
Mon Mar 29 17:23:28 2004 : Debug: radius_xlat:  'cn=Users,dc=rp,dc=com'
Mon Mar 29 17:23:28 2004 : Debug: ldap_get_conn: Got Id: 0
Mon Mar 29 17:23:28 2004 : Debug: rlm_ldap: attempting LDAP reconnection
Mon Mar 29 17:23:28 2004 : Debug: rlm_ldap: (re)connect to 10.0.5.20:389, authentication 0
Mon Mar 29 17:23:28 2004 : Debug: rlm_ldap: bind as cn=Administrator,cn=Users,dc=rp,dc=com/rp to 10.0.5.20:389
Mon Mar 29 17:23:28 2004 : Debug: rlm_ldap: waiting for bind result ...
Mon Mar 29 17:23:28 2004 : Debug: rlm_ldap: performing search in cn=Users,dc=rp,dc=com, with filter (SamAccountName=brian)

Mon Mar 29 17:23:28 2004 : Debug: rlm_ldap: looking for check items in directory...
Mon Mar 29 17:23:28 2004 : Debug: rlm_ldap: looking for reply items in directory...
Mon Mar 29 17:23:28 2004 : Debug: rlm_ldap: user brian authorized to use remote access
Mon Mar 29 17:23:28 2004 : Debug: ldap_release_conn: Release Id: 0
Mon Mar 29 17:23:28 2004 : Debug:   modsingle[authorize]: returned from ldap_rp.com (rlm_ldap) for request 0
Mon Mar 29 17:23:28 2004 : Debug:   modcall[authorize]: module "ldap_rp.com" returns ok for request 0
Mon Mar 29 17:23:28 2004 : Debug: modcall: group autztype returns ok for request 0
Mon Mar 29 17:23:28 2004 : Debug:   rad_check_password:  Found Auth-Type rp.com
Mon Mar 29 17:23:28 2004 : Debug: auth: type "rp.com"
Mon Mar 29 17:23:28 2004 : Debug: modcall: entering group authtype for request 0
Mon Mar 29 17:23:28 2004 : Debug:   modsingle[authenticate]: calling ldap_rp.com (rlm_ldap) for request 0
Mon Mar 29 17:23:28 2004 : Debug: rlm_ldap: - authenticate
Mon Mar 29 17:23:28 2004 : Debug: rlm_ldap: login attempt by "brian" with password "brian"
Mon Mar 29 17:23:28 2004 : Debug: rlm_ldap: user DN: CN=Brian R.,CN=Users,DC=rp,DC=com
Mon Mar 29 17:23:28 2004 : Debug: rlm_ldap: (re)connect to 10.0.5.20:389, authentication 1
Mon Mar 29 17:23:28 2004 : Debug: rlm_ldap: bind as CN=Brian R.,CN=Users,DC=rp,DC=com/brian to 10.0.5.20:389
Mon Mar 29 17:23:28 2004 : Debug: rlm_ldap: waiting for bind result ...
Mon Mar 29 17:23:28 2004 : Debug: rlm_ldap: user brian authenticated succesfully

This query did not work from FreeRadius's perspective, but in an ethereal capture the response packet did come back. FreeRadius times out the query. The difference here is the basedn; below we have a higher-level basedn, dc=rp,dc=com.

Mon Mar 29 17:19:30 2004 : Debug: rlm_ldap: - authorize
Mon Mar 29 17:19:30 2004 : Debug: rlm_ldap: performing user authorization for brian
Mon Mar 29 17:19:30 2004 : Debug: radius_xlat:  '(SamAccountName=brian)'
Mon Mar 29 17:19:30 2004 : Debug: radius_xlat:  'dc=rp,dc=com'
Mon Mar 29 17:19:30 2004 : Debug: ldap_get_conn: Got Id: 0
Mon Mar 29 17:19:30 2004 : Debug: rlm_ldap: attempting LDAP reconnection
Mon Mar 29 17:19:30 2004 : Debug: rlm_ldap: (re)connect to 10.0.5.20:389, authentication 0
Mon Mar 29 17:19:30 2004 : Debug: rlm_ldap: bind as cn=Administrator,cn=Users,dc=rp,dc=com/rp to 10.0.5.20:389
Mon Mar 29 17:19:30 2004 : Debug: rlm_ldap: waiting for bind result ...
Mon Mar 29 17:19:30 2004 : Debug: rlm_ldap: performing search in dc=rp,dc=com, with filter (SamAccountName=brian)
