Ron,

I am a little unclear on what you are showing in your logs below, after this line:

Mon Mar 29 17:19:30 2004 : Debug: rlm_ldap: performing search in dc=rp,dc=com, with filter (SamAccountName=brian)

What does it say? Does it say ldap returns not authorized or not found? You may also want to post your radiusd.conf (editing out any confidential information) so others can look at it as well.

Thanks,
Darren

________________________________
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ron Wahler
Sent: Tuesday, March 30, 2004 8:05 PM
To: [EMAIL PROTECTED]
Subject: LDAP query problem- FreeRadius times out.

Having a problem with the ldap search with Active Directory. The query does not come back with a basedn of "dc=rp,dc=com", it does come back with a query basedn "cn=User, dc=rp,dc=com". I did a query with ldapsearch and it came back both ways, and fast. So it is something with FreeRadius not seeing the packet come back. I used ethereal and the packet did come back, FR just did not see it.

Thanks,
Ron

Here is the data:

This query worked the basedn=cn=Users,dc=rp,dc=com, there are only 2 users in this Active Directory database, so it's not big. Time should not be a problem.

Mon Mar 29 17:23:28 2004 : Debug: rlm_ldap: - authorize
Mon Mar 29 17:23:28 2004 : Debug: rlm_ldap: performing user authorization for brian
Mon Mar 29 17:23:28 2004 : Debug: radius_xlat: '(SamAccountName=brian)'
Mon Mar 29 17:23:28 2004 : Debug: radius_xlat: 'cn=Users,dc=rp,dc=com'
Mon Mar 29 17:23:28 2004 : Debug: ldap_get_conn: Got Id: 0
Mon Mar 29 17:23:28 2004 : Debug: rlm_ldap: attempting LDAP reconnection
Mon Mar 29 17:23:28 2004 : Debug: rlm_ldap: (re)connect to 10.0.5.20:389, authentication 0
Mon Mar 29 17:23:28 2004 : Debug: rlm_ldap: bind as cn=Administrator,cn=Users,dc=rp,dc=com/rp to 10.0.5.20:389
Mon Mar 29 17:23:28 2004 : Debug: rlm_ldap: waiting for bind result ...
Mon Mar 29 17:23:28 2004 : Debug: rlm_ldap: performing search in cn=Users,dc=rp,dc=com, with filter (SamAccountName=brian)
Mon Mar 29 17:23:28 2004 : Debug: rlm_ldap: looking for check items in directory...
Mon Mar 29 17:23:28 2004 : Debug: rlm_ldap: looking for reply items in directory...
Mon Mar 29 17:23:28 2004 : Debug: rlm_ldap: user brian authorized to use remote access
Mon Mar 29 17:23:28 2004 : Debug: ldap_release_conn: Release Id: 0
Mon Mar 29 17:23:28 2004 : Debug: modsingle[authorize]: returned from ldap_rp.com (rlm_ldap) for request 0
Mon Mar 29 17:23:28 2004 : Debug: modcall[authorize]: module "ldap_rp.com" returns ok for request 0
Mon Mar 29 17:23:28 2004 : Debug: modcall: group autztype returns ok for request 0
Mon Mar 29 17:23:28 2004 : Debug: rad_check_password: Found Auth-Type rp.com
Mon Mar 29 17:23:28 2004 : Debug: auth: type "rp.com"
Mon Mar 29 17:23:28 2004 : Debug: modcall: entering group authtype for request 0
Mon Mar 29 17:23:28 2004 : Debug: modsingle[authenticate]: calling ldap_rp.com (rlm_ldap) for request 0
Mon Mar 29 17:23:28 2004 : Debug: rlm_ldap: - authenticate
Mon Mar 29 17:23:28 2004 : Debug: rlm_ldap: login attempt by "brian" with password "brian"
Mon Mar 29 17:23:28 2004 : Debug: rlm_ldap: user DN: CN=Brian R.,CN=Users,DC=rp,DC=com
Mon Mar 29 17:23:28 2004 : Debug: rlm_ldap: (re)connect to 10.0.5.20:389, authentication 1
Mon Mar 29 17:23:28 2004 : Debug: rlm_ldap: bind as CN=Brian R.,CN=Users,DC=rp,DC=com/brian to 10.0.5.20:389
Mon Mar 29 17:23:28 2004 : Debug: rlm_ldap: waiting for bind result ...
Mon Mar 29 17:23:28 2004 : Debug: rlm_ldap: user brian authenticated succesfully

This query did not work from FreeRadius perspective, but on an ethereal capture the response packet did come back. FreeRadius times out the query.
The difference here is the basedn, below here we have a higher level basedn dc=rp,dc=com

Mon Mar 29 17:19:30 2004 : Debug: rlm_ldap: - authorize
Mon Mar 29 17:19:30 2004 : Debug: rlm_ldap: performing user authorization for brian
Mon Mar 29 17:19:30 2004 : Debug: radius_xlat: '(SamAccountName=brian)'
Mon Mar 29 17:19:30 2004 : Debug: radius_xlat: 'dc=rp,dc=com'
Mon Mar 29 17:19:30 2004 : Debug: ldap_get_conn: Got Id: 0
Mon Mar 29 17:19:30 2004 : Debug: rlm_ldap: attempting LDAP reconnection
Mon Mar 29 17:19:30 2004 : Debug: rlm_ldap: (re)connect to 10.0.5.20:389, authentication 0
Mon Mar 29 17:19:30 2004 : Debug: rlm_ldap: bind as cn=Administrator,cn=Users,dc=rp,dc=com/rp to 10.0.5.20:389
Mon Mar 29 17:19:30 2004 : Debug: rlm_ldap: waiting for bind result ...
Mon Mar 29 17:19:30 2004 : Debug: rlm_ldap: performing search in dc=rp,dc=com, with filter (SamAccountName=brian)
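
Added example (not part of the original thread, and not FreeRADIUS code): a small Python parser that answers the question raised in the reply, namely what the debug log shows right after each rlm_ldap search line. The sample log is constructed from abbreviated lines of the two traces above; the function names and the choice of "looking for check items" as the success marker are assumptions taken from the working trace.

```python
import re
from datetime import datetime

# Constructed sample: abbreviated lines from the two traces in the thread,
# concatenated in timestamp order (failing dc=rp,dc=com search first).
SAMPLE_LOG = """\
Mon Mar 29 17:19:30 2004 : Debug: rlm_ldap: - authorize
Mon Mar 29 17:19:30 2004 : Debug: rlm_ldap: waiting for bind result ...
Mon Mar 29 17:19:30 2004 : Debug: rlm_ldap: performing search in dc=rp,dc=com, with filter (SamAccountName=brian)
Mon Mar 29 17:23:28 2004 : Debug: rlm_ldap: - authorize
Mon Mar 29 17:23:28 2004 : Debug: rlm_ldap: waiting for bind result ...
Mon Mar 29 17:23:28 2004 : Debug: rlm_ldap: performing search in cn=Users,dc=rp,dc=com, with filter (SamAccountName=brian)
Mon Mar 29 17:23:28 2004 : Debug: rlm_ldap: looking for check items in directory...
Mon Mar 29 17:23:28 2004 : Debug: ldap_release_conn: Release Id: 0
"""

LINE = re.compile(r"^(\w{3} \w{3} +\d+ [\d:]{8} \d{4}) : Debug: (.*)$")
SEARCH = re.compile(r"rlm_ldap: performing search in (.+), with filter (.+)$")
# Assumption: first line the working trace logs once the search has returned.
OK_NEXT = "rlm_ldap: looking for check items"

def find_searches(log_text):
    """One record per rlm_ldap search, with the line logged right after it."""
    searches, pending = [], None
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip anything that is not a timestamped debug line
        stamp = datetime.strptime(m.group(1), "%a %b %d %H:%M:%S %Y")
        msg = m.group(2).strip()
        if pending is not None:  # this is the line that followed a search
            pending["next"] = msg
            pending["gap_s"] = (stamp - pending["started"]).total_seconds()
            pending = None
        hit = SEARCH.search(msg)
        if hit:
            pending = {"base": hit.group(1), "filter": hit.group(2),
                       "started": stamp, "next": None, "gap_s": None}
            searches.append(pending)
    return searches

def unanswered(searches):
    """Searches not followed by the line the working trace shows."""
    return [s for s in searches
            if s["next"] is None or not s["next"].startswith(OK_NEXT)]

if __name__ == "__main__":
    for s in unanswered(find_searches(SAMPLE_LOG)):
        print(f'{s["started"]} base={s["base"]} next={s["next"]!r} gap={s["gap_s"]}s')
```

Run against a full debug log, the `next` field shows the exact message (timeout, not found, or nothing) that followed the search on the base DN in question.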