If I understand this correctly, each user who would like to authenticate would require those access rights and not only laurence?

What would the access list look like?

Thanks in advance

Laurence



[EMAIL PROTECTED] wrote:
Hi,

As user laurence I am able to search, so the root now binds, however laurence does not authenticate. I am able to connect via ssh via ldap server etc.

and the debug log shows....

auth: type "LDAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group LDAP for request 0
rlm_ldap: - authenticate
rlm_ldap: login attempt by "laurence" with password "xxxx"
rlm_ldap: user DN: cn=Laurence Mayer,ou=people,dc=istraresearch,dc=com
rlm_ldap: (re)connect to 127.0.0.1:389, authentication 1
rlm_ldap: could not set LDAP_OPT_X_TLS_REQUIRE_CERT option to allow
rlm_ldap: bind as cn=Laurence Mayer,ou=people,dc=istraresearch,dc=com/xxxx to 127.0.0.1:389
rlm_ldap: waiting for bind result ...
rlm_ldap: Bind failed with invalid credentials
  modcall[authenticate]: module "ldap" returns reject for request 0
modcall: leaving group LDAP (returns reject) for request 0
auth: Failed to validate the user.

that's fairly obvious. this auth is still binding as cn=Laurence.....
and unable to. change this binding operation to some level that can.
reason why this part fails is this bind for authenticate
is asking for some more sensitive details (password!) whereas
the authorize is just doing a value/check comparison to see
if they are allowed to the resources.

alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
