Massimo Meregalli wrote:
> The server on which the radiusd is running is configured to authenticate
> users against ldap (via pam) (which is running on the same machine as
> the radiusd server). The ldap server is used only to store user
> information. The passwords are stored into a kerberos database. The
> User-Password ldap attribute is specified as {SASL}<user>@REALM for
> those application that don't understand kerberos and the server is also
> running saslauthd.Yes... that doesn't change what I said. The OpenLDAP libraries have some static variables that make it impossible to *safely* talk to two LDAP servers from the same program. This is likely the issue you are running into. > All the other application the server is running which use ldap as > database are working fine. Are they also using LDAP via PAM? If not, then they are not running into the problem I pointed out. > The unix module is commented out in the configuration file. Whatever. You're using rlm_ldap AND ldap through PAM. This is not supported by the OpenLDAP libraries. It was magic why it worked before. It works in non-threaded mode because the conflicting mutexes aren't used. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
