That is the fun i am having. The baseDN of dc=AD,dc=ne,dc=gov DOES work from ldapsearch and these are actually the credentials i have received from our LDAP admins. One of the more specific options I received must be wrong
That all being said though you are responding with an answer that at least lets me know that my syntax is correct, even if the information I am receiving from the local LDAP folks is not. Thanks for your help. On Fri, 2011-05-20 at 17:03 +0100, Phil Mayers wrote: > On 20/05/11 16:27, Doty, Seth wrote: > > I changed my baseDN to: basedn = ou=test,dc=AD,dc=ne,dc=gov and this > > results in the same failure in the group section. > > rlm_ldap: object not found > > rlm_ldap::ldap_groupcmp: search failed > > > > > > I cant remove the ou=test portion or authentication fails completely and > > i get a reject: > > [ldap] performing user authorization for seth.doty > > [ldap] expand: %{Stripped-User-Name} -> > > [ldap] expand: %{User-Name} -> seth.doty > > [ldap] expand: (CN=%{%{Stripped-User-Name}:-%{User-Name}}) -> > > (CN=seth.doty) > > [ldap] expand: dc=ad,dc=ne,dc=gov -> dc=ad,dc=ne,dc=gov > > rlm_ldap: ldap_get_conn: Checking Id: 0 > > rlm_ldap: ldap_get_conn: Got Id: 0 > > rlm_ldap: attempting LDAP reconnection > > rlm_ldap: closing existing LDAP connection > > rlm_ldap: (re)connect to ad.ne.gov:389, authentication 0 > > rlm_ldap: bind as stn\seth.doty/ to stone.ne.gov:389 > > rlm_ldap: waiting for bind result ... > > rlm_ldap: Bind was successful > > rlm_ldap: performing search in dc=ad,dc=ne,dc=gov, with filter > > (CN=seth.doty) > > rlm_ldap: ldap_search() failed: Operations error > > You're just putting random things into the ldap config and hoping it > will work. > > Go and speak to the people who run your LDAP service. Ask them for the > correct base DN, bind DN and credentials, group filters and so forth. > > Try these LDAP parameters from the command line using ldapsearch. When > it's working, try them with FreeRADIUS. > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html