Thank you. That is the understanding I was missing and looking for.

Laurence

Alan DeKok wrote:
Laurence Mayer wrote:
The binding currently is happening by root and is successful.

  Yet it returns *no* information.  Normally, the "bind as root" returns
the user's "known good" password.  This hasn't happened here.

The second phase (authenticate) by the end user does not succeed.

  The "bind as user" fails.  Debug output shows this.

I am trying to understand why despite the binding happening by root, the
 user cannot authenticate.

  Because the credentials are invalid.
 ...
rad_recv: Access-Request packet from host 172.16.16.55:34583, id=49, length=60
    User-Name = "laurence"
    User-Password = "xxxx"

  It has a packet with a password.

    NAS-IP-Address = 255.255.255.255



rlm_ldap: bind as cn=root,dc=istraresearch,dc=com/xxxx to 127.0.0.1:389
rlm_ldap: waiting for bind result ...
rlm_ldap: Bind was successful
rlm_ldap: performing search in ou=People,dc=istraresearch,dc=com, with filter (&(objectClass=inetOrgPerson)(uid=laurence))
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...

  And nothing was returned.  i.e. the user exists, but nothing more.

rlm_ldap: bind as cn=Laurence Mayer,ou=people,dc=istraresearch,dc=com/xxxx to 127.0.0.1:389
rlm_ldap: waiting for bind result ...
rlm_ldap: Bind failed with invalid credentials

  That's pretty definitive.  His credentials are invalid.  The LDAP
server says so.

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

--
--------------------------
Laurence Mayer
Director of Operations & IT
Istra Research Ltd.
Tel: +972545233107
Fax: +972722765124
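Added example, not part of the original thread or of FreeRADIUS: a small Python triage script that reads the rlm_ldap debug lines quoted above and reports the two conditions discussed (search bind succeeds but returns no check items, then the bind as the user is rejected). The function names are hypothetical, and treating any rlm_ldap line that follows the "looking for check items" marker as a returned item is an assumption.

```python
import re

# Constructed sample: the rlm_ldap debug lines quoted in the thread, wrapped lines rejoined.
SAMPLE = """\
rlm_ldap: bind as cn=root,dc=istraresearch,dc=com/xxxx to 127.0.0.1:389
rlm_ldap: waiting for bind result ...
rlm_ldap: Bind was successful
rlm_ldap: performing search in ou=People,dc=istraresearch,dc=com, with filter (&(objectClass=inetOrgPerson)(uid=laurence))
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: bind as cn=Laurence Mayer,ou=people,dc=istraresearch,dc=com/xxxx to 127.0.0.1:389
rlm_ldap: waiting for bind result ...
rlm_ldap: Bind failed with invalid credentials
"""

# "bind as <dn>/<password> to <host:port>"; the password is matched but never stored.
BIND = re.compile(r"^rlm_ldap: bind as (?P<dn>.+)/[^/]* to (?P<server>\S+)$")

def analyze(text):
    """Return (binds, check_items) parsed from rlm_ldap debug output."""
    binds, check_items, section = [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line.startswith("rlm_ldap:"):
            continue
        m = BIND.match(line)
        if m:
            binds.append({"dn": m["dn"], "server": m["server"], "result": None})
            section = None
        elif "Bind was successful" in line and binds:
            binds[-1]["result"] = "ok"
        elif "Bind failed" in line and binds:
            binds[-1]["result"] = line.split("Bind failed", 1)[1].strip() or "failed"
        elif "looking for check items" in line:
            section = "check"
        elif "looking for reply items" in line:
            section = "reply"
        elif section == "check":          # assumption: these lines are returned items
            check_items.append(line)
    return binds, check_items

def diagnose(text):
    """Summarise the two-phase flow: search bind first, then bind as the user."""
    binds, check_items = analyze(text)
    findings = []
    if binds and binds[0]["result"] == "ok" and not check_items:
        findings.append("search bind ok, but no check items (no known-good password) returned")
    for b in binds[1:]:
        if b["result"] != "ok":
            findings.append(f"user bind as {b['dn']} rejected by LDAP server: {b['result']}")
    return findings
```

Calling `diagnose()` on a saved debug log gives one finding per condition; the bind password that the debug output prints after the DN is dropped at parse time so it does not end up in the report.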
