I ran into the same issue (running an LDAP query against
a Novell eDir tree). The users can bind as themselves,
but they need the rights to query the LDAP server.
Give the "identity" account sufficient rights to run
the lookup and nothing more... should work fine.

--- Ron Wahler <[EMAIL PROTECTED]> wrote:
> 
> Can you authenticate without the identity and
> password filled out? I
> can't seem to get it to work without these fields
> filled out.
> 
> Thanks,
> Ron.
> 
> ldap ldap_rp-eng {
>         server = 10.0.0.25
>         port = 389
>         #identity = "[EMAIL PROTECTED]"
>         #password = "tester"
>         basedn = "cn=Users,dc=rp-eng,dc=com"
>         filter = "(SamAccountName=%{Stripped-User-Name:-%{User-Name}})"
>         start_tls = no
>         tls_mode = no
>         timeout = 20
>         net_timeout = 10
>         timelimit = 20
> }
> [Ron Wahler] 
> 
> 
> 
> rlm_ldap: - authorize
> rlm_ldap: performing user authorization for rontest
> radius_xlat:  '(SamAccountName=rontest)'
> radius_xlat:  'cn=Users,dc=rp-eng,dc=com'
> ldap_get_conn: Got Id: 0
> rlm_ldap: attempting LDAP reconnection
> rlm_ldap: (re)connect to 10.0.0.25:389, authentication 0
> rlm_ldap: bind as / to 10.0.0.25:389
> rlm_ldap: waiting for bind result ...
> rlm_ldap: Bind was successful
> rlm_ldap: performing search in cn=Users,dc=rp-eng,dc=com, with filter (SamAccountName=rontest)
> rlm_ldap: object not found or got ambiguous search result
> rlm_ldap: search failed
> ldap_release_conn: Release Id: 0
>   modcall[authorize]: module "ldap_rp-eng" returns notfound for request 0
> modcall: group autztype returns notfound for request 0
>   rad_check_password:  Found Auth-Type rp-eng
> auth: type "rp-eng"
>   Processing the authenticate section of radiusd.conf
> modcall: entering group authtype for request 0
> rlm_ldap: - authenticate
> rlm_ldap: login attempt by "rontest" with password "rontest"
> radius_xlat:  '(SamAccountName=rontest)'
> radius_xlat:  'cn=Users,dc=rp-eng,dc=com'
> ldap_get_conn: Got Id: 0
> rlm_ldap: performing search in cn=Users,dc=rp-eng,dc=com, with filter (SamAccountName=rontest)
> rlm_ldap: object not found or got ambiguous search result
> ldap_release_conn: Release Id: 0
>   modcall[authenticate]: module "ldap_rp-eng" returns notfound for request 0
> modcall: group authtype returns notfound for request 0
> auth: Failed to validate the user.
> Delaying request 0 for 1 seconds
> Finished request 0
> 
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


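Added example, not part of the original thread and not FreeRADIUS code: a small Python check over the rlm_ldap debug lines quoted above that flags the pattern in this thread, an anonymous bind (`bind as / to ...`) followed by an empty search result. Reading the text before the `/` as the configured identity is an assumption about the log format; `diagnose` and `advice` are hypothetical names.

```python
import re

# Lines from the quoted radiusd debug output above, e-mail wrapping undone.
SAMPLE_LOG = """\
rlm_ldap: (re)connect to 10.0.0.25:389, authentication 0
rlm_ldap: bind as / to 10.0.0.25:389
rlm_ldap: Bind was successful
rlm_ldap: performing search in cn=Users,dc=rp-eng,dc=com, with filter (SamAccountName=rontest)
rlm_ldap: object not found or got ambiguous search result
rlm_ldap: search failed
"""

# Assumption: the text between "bind as" and "/" is the configured identity,
# so "bind as / to ..." means an anonymous bind. The password part is not kept.
BIND_RE = re.compile(r"rlm_ldap: bind as (?P<dn>[^/]*)/.* to \S+:\d+$")
SEARCH_RE = re.compile(r"rlm_ldap: performing search in (?P<base>.+?), with filter (?P<filter>.+)$")
NOT_FOUND = "object not found or got ambiguous search result"


def diagnose(log_text):
    """Return one dict per LDAP search, tagged with the bind that preceded it."""
    findings, bind_dn, current = [], None, None
    for raw in log_text.splitlines():
        line = raw.strip()
        bind = BIND_RE.search(line)
        search = SEARCH_RE.search(line)
        if bind:
            bind_dn = bind.group("dn")  # stays in effect while the connection is reused
        elif search:
            current = {"bind_dn": bind_dn, "anonymous": bind_dn == "",
                       "base": search.group("base"), "filter": search.group("filter"),
                       "not_found": False}
            findings.append(current)
        elif current is not None and NOT_FOUND in line:
            current["not_found"] = True
    return findings


def advice(finding):
    """Map a finding to the fix suggested in the reply above."""
    if finding["anonymous"] and finding["not_found"]:
        return "anonymous bind, search returned nothing: set identity/password to a search-only account"
    if finding["not_found"]:
        return "bound as %s but no match: check basedn, filter and that account's read rights" % (finding["bind_dn"] or "unknown")
    return "search returned an entry"


if __name__ == "__main__":
    for f in diagnose(SAMPLE_LOG):
        print(f["base"], f["filter"], "->", advice(f))
```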