Hi,

> As user laurence I am able to search, so the root now binds, however
> laurence does not authenticate. I am able to connect via ssh via ldap
> server etc.

and the debug log shows....

> auth: type "LDAP"
> Processing the authenticate section of radiusd.conf
> modcall: entering group LDAP for request 0
> rlm_ldap: - authenticate
> rlm_ldap: login attempt by "laurence" with password "xxxx"
> rlm_ldap: user DN: cn=Laurence Mayer,ou=people,dc=istraresearch,dc=com
> rlm_ldap: (re)connect to 127.0.0.1:389, authentication 1
> rlm_ldap: could not set LDAP_OPT_X_TLS_REQUIRE_CERT option to allow
> rlm_ldap: bind as cn=Laurence
> Mayer,ou=people,dc=istraresearch,dc=com/xxxx to 127.0.0.1:389
> rlm_ldap: waiting for bind result ...
> rlm_ldap: Bind failed with invalid credentials
> modcall[authenticate]: module "ldap" returns reject for request 0
> modcall: leaving group LDAP (returns reject) for request 0
> auth: Failed to validate the user.

That's fairly obvious. This auth is still binding as cn=Laurence..... and unable to. Change this binding operation to some level that can. The reason why this part fails is this bind for authenticate is asking for some more sensitive details (password!) whereas the authorize is just doing a value/check comparison to see if they are allowed to the resources.

alan
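
An added example, not part of the original message and not FreeRADIUS code: a small Python parser over the rlm_ldap debug lines quoted above that reports which DN the failing bind used, whether it is the user's own DN, and the failure reason, while dropping the password field. The name `summarize` and the regular expressions are assumptions written for this excerpt only.

```python
import re

# Debug lines copied from the message above; the wrapped "bind as" line is
# rejoined and the password was already masked as "xxxx" by the poster.
SAMPLE_LOG = """\
auth: type "LDAP"
modcall: entering group LDAP for request 0
rlm_ldap: - authenticate
rlm_ldap: login attempt by "laurence" with password "xxxx"
rlm_ldap: user DN: cn=Laurence Mayer,ou=people,dc=istraresearch,dc=com
rlm_ldap: (re)connect to 127.0.0.1:389, authentication 1
rlm_ldap: could not set LDAP_OPT_X_TLS_REQUIRE_CERT option to allow
rlm_ldap: bind as cn=Laurence Mayer,ou=people,dc=istraresearch,dc=com/xxxx to 127.0.0.1:389
rlm_ldap: waiting for bind result ...
rlm_ldap: Bind failed with invalid credentials
modcall[authenticate]: module "ldap" returns reject for request 0
"""

# Hypothetical patterns, derived only from the line shapes shown in this log.
PATTERNS = {
    "phase":   re.compile(r'^rlm_ldap: - (\w+)$'),
    "user":    re.compile(r'^rlm_ldap: login attempt by "([^"]*)"'),
    "user_dn": re.compile(r'^rlm_ldap: user DN: (.+)$'),
    "bind":    re.compile(r'^rlm_ldap: bind as (.+)/([^/]*) to (\S+)$'),
    "failure": re.compile(r'^rlm_ldap: Bind failed with (.+)$'),
    "verdict": re.compile(r'^modcall\[(\w+)\]: module "ldap" returns (\w+)'),
}

def summarize(log):
    """Collect the facts that show which bind failed; never keep the password."""
    out = {}
    for line in log.splitlines():
        line = line.strip()
        for key, rx in PATTERNS.items():
            m = rx.match(line)
            if not m:
                continue
            if key == "bind":
                # group(2) is the password after the last "/": deliberately dropped
                out["bind_dn"], out["server"] = m.group(1), m.group(3)
            elif key == "verdict":
                out["section"], out["verdict"] = m.group(1), m.group(2)
            else:
                out[key] = m.group(1)
    # True when the failing bind was attempted as the user's own DN
    out["bind_is_user"] = "bind_dn" in out and out["bind_dn"] == out.get("user_dn")
    return out

if __name__ == "__main__":
    for k, v in summarize(SAMPLE_LOG).items():
        print(f"{k}: {v}")
```
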