Laurence Mayer wrote:
> The binding currently is happening by root and is successful.

Yet it returns *no* information. Normally, the "bind as root" returns the user's "known good" password. This hasn't happened here.

> The second phase (authenticate) by the end user does not succeed.

The "bind as user" fails. Debug output shows this.

> I am trying to understand why despite the binding happening by root, the
> user cannot authenticate.

Because the credentials are invalid.

...
> rad_recv: Access-Request packet from host 172.16.16.55:34583, id=49,
> length=60
> User-Name = "laurence"
> User-Password = "xxxx"

It has a packet with a password.

> NAS-IP-Address = 255.255.255.255
> rlm_ldap: bind as cn=root,dc=istraresearch,dc=com/xxxx to 127.0.0.1:389
> rlm_ldap: waiting for bind result ...
> rlm_ldap: Bind was successful
> rlm_ldap: performing search in ou=People,dc=istraresearch,dc=com, with
> filter (&(objectClass=inetOrgPerson)(uid=laurence))
> rlm_ldap: looking for check items in directory...
> rlm_ldap: looking for reply items in directory...

And nothing was returned. i.e. the user exists, but nothing more.

> rlm_ldap: bind as cn=Laurence
> Mayer,ou=people,dc=istraresearch,dc=com/xxxx to 127.0.0.1:389
> rlm_ldap: waiting for bind result ...
> rlm_ldap: Bind failed with invalid credentials

That's pretty definitive. His credentials are invalid. The LDAP server says so.

Alan DeKok.
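The debug sequence walked through in the reply above, as an added triage script that is not part of the original thread or of FreeRADIUS: it reads the rlm_ldap lines quoted there (mail line-wraps rejoined) and reports the admin bind, the search, and the user bind separately. The function names, and the rule that any extra rlm_ldap line after a "looking for" marker counts as a returned item, are assumptions.

```python
import re

# Debug lines from the quoted output above, with mail line-wraps rejoined.
# The field after the DN is already masked as xxxx on the page.
LOG = """\
rlm_ldap: bind as cn=root,dc=istraresearch,dc=com/xxxx to 127.0.0.1:389
rlm_ldap: waiting for bind result ...
rlm_ldap: Bind was successful
rlm_ldap: performing search in ou=People,dc=istraresearch,dc=com, with filter (&(objectClass=inetOrgPerson)(uid=laurence))
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: bind as cn=Laurence Mayer,ou=people,dc=istraresearch,dc=com/xxxx to 127.0.0.1:389
rlm_ldap: waiting for bind result ...
rlm_ldap: Bind failed with invalid credentials
"""
BIND = re.compile(r"rlm_ldap: bind as (?P<dn>.+)/[^/]* to (?P<host>\S+)$")
SEARCH = re.compile(r"rlm_ldap: performing search in .+, with filter (?P<f>.+)$")
FAIL = "rlm_ldap: Bind failed with "

def triage(log):
    """Summarise the two phases: admin bind plus search, then the user bind."""
    binds, search_filter, items, in_lookup = [], None, 0, False
    for line in (raw.strip() for raw in log.splitlines()):
        if m := BIND.match(line):
            # Keep the DN only; the field after the slash is never stored.
            binds.append({"dn": m["dn"], "result": "no result logged"})
            in_lookup = False
        elif m := SEARCH.match(line):
            search_filter = m["f"]
        elif line.startswith("rlm_ldap: looking for "):
            in_lookup = True
        elif line == "rlm_ldap: Bind was successful" and binds:
            binds[-1]["result"] = "ok"
        elif line.startswith(FAIL) and binds:
            binds[-1]["result"] = line[len(FAIL):]
        elif in_lookup and line.startswith("rlm_ldap:"):
            items += 1  # assumption: any other rlm_ldap line here is a returned item
    admin = binds[0] if binds else None
    user = binds[1] if len(binds) > 1 else None
    return {"admin": admin, "filter": search_filter, "items_returned": items, "user": user}

def verdict(t):
    """Turn the summary into a one-line diagnosis."""
    if not t["admin"] or t["admin"]["result"] != "ok":
        return "admin bind did not succeed"
    if not t["user"]:
        return "no user bind attempted"
    if t["user"]["result"] == "ok":
        return "user bind succeeded"
    note = " (search returned no check/reply items)" if t["items_returned"] == 0 else ""
    return f"LDAP server rejected {t['user']['dn']}: {t['user']['result']}{note}"
```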