Re: special characters in passwords + FR + ldap

2006-03-31 Thread Natalia Escalera
Hi,

Thank you for the support, we will try it out in that way. 

Natalia
On 3/30/06, Alan DeKok [EMAIL PROTECTED] wrote:
 Natalia Escalera [EMAIL PROTECTED] wrote:
  Command: /usr/local/bin/radtest username test$2006 x.x.x.x 1 test123
  Output:
  Sending Access-Request of id 215 to x.x.x.x port 1812
  User-Name = username
  User-Password = test006 #- No dollar sign, no number 2

 $2 is a Unix shell variable. This has nothing to do with FreeRADIUS.

 /usr/local/bin/radtest username 'test$2006' x.x.x.x 1 test123

 will work. Note SINGLE quotes, not DOUBLE quotes.

 Alan DeKok.
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
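
The quoting behaviour described in the reply above, as an added example that is not part of the original thread: `printf` stands in for radtest so the script runs offline, and `as_typed` and `sq_quote` are hypothetical helper names. It also goes one step further than the thread by building a safe single-quoted form for passwords that themselves contain a single quote.

```shell
#!/bin/sh
# Added example (not from the thread). Shows what a program receives when a
# password containing '$' is typed unquoted, double-quoted or single-quoted.
# printf stands in for radtest; as_typed and sq_quote are hypothetical names.

# as_typed FRAGMENT
# Interpret FRAGMENT in a fresh shell exactly as if it had been typed as one
# command-line argument, and print the argument the program would receive.
# The fresh shell has no positional parameters, so $2 expands to nothing.
as_typed() {
    sh -c "printf %s $1"
}

# sq_quote STRING
# Wrap STRING in single quotes so the shell passes it through unchanged.
# An embedded single quote is written as '\'' (close, escaped quote, reopen).
sq_quote() {
    printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

pw='test$2006'    # password from the thread

# Unquoted and double-quoted forms both lose "$2"; single quotes keep it.
printf 'unquoted      -> %s\n' "$(as_typed "$pw")"
printf 'double quotes -> %s\n' "$(as_typed "\"$pw\"")"
printf 'single quotes -> %s\n' "$(as_typed "'$pw'")"

# Constructed sample: a password that contains a single quote as well as '$'.
tricky="it's\$2006"
printf 'sq_quote form -> %s\n' "$(sq_quote "$tricky")"
printf 'round trip    -> %s\n' "$(as_typed "$(sq_quote "$tricky")")"
```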

Re: special characters in passwords + FR + ldap

2006-03-28 Thread Natalia Escalera
Hello,

We tried FR 1.1.1 and we are still having problems with passwords containing special characters like '$' for the LDAP authentication. In FR 1.1.0 the '$' was replaced by a character such as '%24'. For the new version, the symbol '$' is deleted as well as the character that is next to it. Here is an example of the executed command and its output:

Command:
/usr/local/bin/radtest username test$2006 x.x.x.x 1 test123

Output:
Sending Access-Request of id 215 to x.x.x.x port 1812
User-Name = username
User-Password = test006 #- No dollar sign, no number 2
NAS-IP-Address = 255.255.255.255
NAS-Port = 1
rad_recv: Access-Reject packet from host x.x.x.x:1812, id=215, length=20

Can this situation be considered please?

Thank you in advance,
Natalia.

On 3/27/06, Natalia Escalera [EMAIL PROTECTED] wrote:
 Hi,

 We will try the new version and see if the problem was fixed.

 Thanks a lot.
 Natalia.

 On 3/27/06, Turtiainen, Tero [EMAIL PROTECTED] wrote:
  Hi,

   From: Natalia Escalera [EMAIL PROTECTED]
   I was wondering if someone has any idea of how to solve the problem of
   special characters (e.g. $) in FreeRadius 1.1.0.

  Have you tried FreeRADIUS 1.1. which was released last week?

  According to the ChangeLog the bug #261 has been fixed and it was the
  attributes retrieved from ldap are truncated at first space bug, which
  sounded very similar to our problem:
  http://bugs.freeradius.org/show_bug.cgi?id=261
  --
  Tero Turtiainen
  Technology Services
  Capgemini
  [EMAIL PROTECTED]

  This message contains information that may be privileged or confidential and
  is the property of the Capgemini Group. It is intended only for the person to
  whom it is addressed. If you are not the intended recipient, you are not
  authorized to read, print, retain, copy, disseminate, distribute, or use
  this message or any part thereof. If you receive this message in error,
  please notify the sender immediately and delete all copies of this message.

Re: special characters in passwords + FR + ldap

2006-03-27 Thread Natalia Escalera
Hi,

We will try the new version and see if the problem was fixed.

Thanks a lot.
Natalia.

On 3/27/06, Turtiainen, Tero [EMAIL PROTECTED] wrote:

 Hi,

  From: Natalia Escalera [EMAIL PROTECTED]
 
  I was wondering if someone has any idea of how to solve the problem of
  special characters (e.g. $) in FreeRadius 1.1.0.

 Have you tried FreeRADIUS 1.1. which was released last week?

 According to the ChangeLog the bug #261 has been fixed and it was the
 attributes retrieved from ldap are truncated at first space bug, which
 sounded very similar to our problem:
 http://bugs.freeradius.org/show_bug.cgi?id=261
 --
 Tero Turtiainen
 Technology Services
 Capgemini
 [EMAIL PROTECTED]



Re: special characters in passwords + FR + ldap

2006-03-24 Thread Natalia Escalera
Hi,

I was wondering if someone has any idea of how to solve the problem of
special characters (e.g. $) in FreeRadius 1.1.0.

Help is very appreciated. Thank you,
Natalia.


On 3/10/06, Natalia Escalera [EMAIL PROTECTED] wrote:
 Hello,

 Do you have any suggestion of how to fix the problem?

 Thanks,
 Natalia.

 On 3/9/06, Natalia Escalera [EMAIL PROTECTED] wrote:
  Hello,
 
   how did you patch?
 
  What I did is that I took the rlm_ldap.c from FR 1.1.0 and replaced
  the content of the function ldap_pairget with the code shown on
  http://bugs.freeradius.org/showattachment.cgi?attach_id=112. Then I
  execute the './configure' and 'make' commands
 
  Natalia.
 
  On 3/9/06, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
   Hi,
  
I attached a copy of the file rlm_ldap.c of radius 1.1.0
  
   yes, your patched version is clearly borked - as you can see from
   this snippet.
  
  int vals_count;
  int vals_idx;
  char   *ptr;
  char   *value;
  TLDAP_RADIUS   *element;
  LRAD_TOKEN  token;
  LRAD_TOKEN  token, operator;
  int is_generic_attribute;
  char    value[256];
  char    buf[MAX_STRING_LEN];
  VALUE_PAIR *pairlist = NULL;
  VALUE_PAIR *newpair = NULL;
  char    do_xlat = FALSE;
  
   LRAD_TOKEN has dual definitions. it should look similar to:
  
  char  **vals;
  int vals_count;
  int vals_idx;
  char   *ptr;
  char   *value;
  TLDAP_RADIUS   *element;
  LRAD_TOKEN  token, operator;
  int is_generic_attribute;
  char    buf[MAX_STRING_LEN];
  VALUE_PAIR *pairlist = NULL;
  VALUE_PAIR *newpair = NULL;
  char    do_xlat = FALSE;
  
   how did you patch? I notice that the patch is no longer clean against the
   1.1.x CVS code...which means that more headaches will occur. someone with
   the drive/desire needs to modify the patch for the more recent source
  
   alan


Re: Avoiding ldapsearch on LDAP authentication

2006-03-20 Thread Natalia Escalera
Hello,

It is my understanding that Freeradius uses Ldap search in order to
authenticate users and that the Ldap bind is used to point to the
location where the search will be done at the Ldap server.

I am using FR 1.1.0 but I think it is a similar configuration in your FR version.

#users file
   DEFAULT Auth-Type := LDAP
   Fall-Through = 1


  rlm_ldap: object not found or got ambiguous search result
Check your basedn in radiusd.conf

For debugging I recommend you to use Ethereal. It is very useful.

Natalia.

On 21 Mar 2006 14:29:22 +0900, MAEDA [EMAIL PROTECTED] wrote:
 Hello,

 I'm running Freeradius 1.0.4 with OpenLDAP 2.2.29 on my Fedora Core 4
 box and try to configure radiusd so that ldap_search is not performed
 on authentication (i.e.  just use ldap_bind for authentication).  But
 so far, I've got no success.  Radiusd seems to perform search anyway.

 I've read the document doc/rlm_ldap and followed the instruction, but
 I couldn't get it working (I must be missing something).

 I configured radiusd as follows:

 In users:

  DEFAULT Ldap-UserDn := `uid=%{User-Name},ou=people,dc=atusi,dc=org`,
  Auth-Type = LDAP

 In radiusd.conf:
  modules {

 ldap {
 server = localhost
 ldap_debug = 0x
 # identity = cn=admin,o=My Org,c=UA
 # password = mypass
 basedn = ou=people,dc=atusi,dc=org
 # filter = (uid=%{Stripped-User-Name:-%{User-Name}})
 # base_filter = (objectclass=radiusprofile)

 start_tls = no

 access_attr = dialupAccess

 ldap_connections_number = 5
 timeout = 4
 timelimit = 3
 net_timeout = 1
 }
 ...
  }

  authorize {
 preprocess
 chap
 mschap
 suffix
 eap
 files
  }

  authenticate {
 Auth-Type PAP {
 pap
 }
 Auth-Type CHAP {
 chap
 }
 Auth-Type MS-CHAP {
 mschap
 }
 Auth-Type LDAP {
 ldap
 }
 eap
  }

  # All other parts are left as default.

 When I test my setup with:
  (echo 'User-Name=mytestuser'; echo 'User-Password = mypassword') |
  radclient -c 1 127.0.0.1 auth  testing123
 radiusd (run with -X option) says:

  rad_recv: Access-Request packet from host 127.0.0.1:32791, id=183,
  length=43
 User-Name = mytestuser
 User-Password = mypassword
   Processing the authorize section of radiusd.conf
  modcall: entering group authorize for request 0
   modcall[authorize]: module preprocess returns ok for request 0
   modcall[authorize]: module chap returns noop for request 0
   modcall[authorize]: module mschap returns noop for request 0
 rlm_realm: No '@' in User-Name = mytestuser, looking up realm
  NULL
 rlm_realm: No such realm NULL
   modcall[authorize]: module suffix returns noop for request 0
   rlm_eap: No EAP-Message, not doing EAP
   modcall[authorize]: module eap returns noop for request 0
 users: Matched entry DEFAULT at line 214
   modcall[authorize]: module files returns ok for request 0
  modcall: group authorize returns ok for request 0
   rad_check_password:  Found Auth-Type LDAP
  auth: type LDAP
   Processing the authenticate section of radiusd.conf
  modcall: entering group Auth-Type for request 0
  rlm_ldap: - authenticate
  rlm_ldap: login attempt by mytestuser with password mypassword
  radius_xlat:  '(uid=mytestuser)'
  radius_xlat:  'ou=people,dc=atusi,dc=org'
  rlm_ldap: ldap_get_conn: Checking Id: 0
  rlm_ldap: ldap_get_conn: Got Id: 0
  rlm_ldap: attempting LDAP reconnection
  rlm_ldap: (re)connect to localhost:389, authentication 0
  rlm_ldap: bind as / to localhost:389
  ldap_bind
  ldap_simple_bind
  ldap_sasl_bind
  ldap_send_initial_request
  ldap_new_connection
  ldap_int_open_connection
  ldap_connect_to_host: TCP localhost:389
  ldap_new_socket: 6
  ldap_prepare_socket: 6
  ldap_connect_to_host: Trying 127.0.0.1:389
  ldap_connect_timeout: fd: 6 tm: 1 async: 0
  ldap_ndelay_on: 6
  ldap_is_sock_ready: 6
  ldap_ndelay_off: 6
  ldap_open_defconn: successful
  ldap_send_server_request
  rlm_ldap: waiting for bind result ...
  ldap_result msgid 1
  ldap_chkResponseList for msgid=1, all=1
  ldap_chkResponseList returns NULL
  wait4msg (timeout 4 sec, 0 usec), msgid 1
  wait4msg continue, msgid 1, all 1
  ** Connections:
  * host: localhost  port: 389  (default)
   refcnt: 2  status: Connected
   last used: Tue Mar 21 13:31:12 2006

  ** Outstanding Requests:
  * msgid 1,  origid 1, status InProgress
outstanding referrals 0, parent count 0
  ** Response Queue:
Empty
  ldap_chkResponseList for msgid=1, all=1
  ldap_chkResponseList returns NULL
  ldap_int_select
  read1msg: msgid 1, all 1
  ldap_read: message type bind msgid 1, original id 1
  new result:  res_errno: 0, res_error: , 

Re: special characters in passwords + FR + ldap

2006-03-10 Thread Natalia Escalera
Hello,

Do you have any suggestion of how to fix the problem?

Thanks,
Natalia.

On 3/9/06, Natalia Escalera [EMAIL PROTECTED] wrote:
 Hello,

  how did you patch?

 What I did is that I took the rlm_ldap.c from FR 1.1.0 and replaced
 the content of the function ldap_pairget with the code shown on
 http://bugs.freeradius.org/showattachment.cgi?attach_id=112. Then I
 execute the './configure' and 'make' commands

 Natalia.

 On 3/9/06, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
  Hi,
 
   I attached a copy of the file rlm_ldap.c of radius 1.1.0
 
  yes, your patched version is clearly borked - as you can see from
  this snippet.
 
 int vals_count;
 int vals_idx;
 char   *ptr;
 char   *value;
 TLDAP_RADIUS   *element;
 LRAD_TOKEN  token;
 LRAD_TOKEN  token, operator;
 int is_generic_attribute;
 char    value[256];
 char    buf[MAX_STRING_LEN];
 VALUE_PAIR *pairlist = NULL;
 VALUE_PAIR *newpair = NULL;
 char    do_xlat = FALSE;
 
  LRAD_TOKEN has dual definitions. it should look similar to:
 
 char  **vals;
 int vals_count;
 int vals_idx;
 char   *ptr;
 char   *value;
 TLDAP_RADIUS   *element;
 LRAD_TOKEN  token, operator;
 int is_generic_attribute;
 char    buf[MAX_STRING_LEN];
 VALUE_PAIR *pairlist = NULL;
 VALUE_PAIR *newpair = NULL;
 char    do_xlat = FALSE;
 
  how did you patch? I notice that the patch is no longer clean against the
  1.1.x CVS code...which means that more headaches will occur. someone with
  the drive/desire needs to modify the patch for the more recent source
 
  alan


Re: special characters in passwords + FR + ldap

2006-03-09 Thread Natalia Escalera
Hello,

 how did you patch?

What I did is that I took the rlm_ldap.c from FR 1.1.0 and replaced
the content of the function ldap_pairget with the code shown on
http://bugs.freeradius.org/showattachment.cgi?attach_id=112. Then I
execute the './configure' and 'make' commands

Natalia.

On 3/9/06, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
 Hi,

  I attached a copy of the file rlm_ldap.c of radius 1.1.0

 yes, your patched version is clearly borked - as you can see from
 this snippet.

int vals_count;
int vals_idx;
char   *ptr;
char   *value;
TLDAP_RADIUS   *element;
LRAD_TOKEN  token;
LRAD_TOKEN  token, operator;
int is_generic_attribute;
char    value[256];
char    buf[MAX_STRING_LEN];
VALUE_PAIR *pairlist = NULL;
VALUE_PAIR *newpair = NULL;
char    do_xlat = FALSE;

 LRAD_TOKEN has dual definitions. it should look similar to:

char  **vals;
int vals_count;
int vals_idx;
char   *ptr;
char   *value;
TLDAP_RADIUS   *element;
LRAD_TOKEN  token, operator;
int is_generic_attribute;
char    buf[MAX_STRING_LEN];
VALUE_PAIR *pairlist = NULL;
VALUE_PAIR *newpair = NULL;
char    do_xlat = FALSE;

 how did you patch? I notice that the patch is no longer clean against the
 1.1.x CVS code...which means that more headaches will occur. someone with
 the drive/desire needs to modify the patch for the more recent source

 alan


Re: special characters in passwords + FR + ldap

2006-03-08 Thread Natalia Escalera
Hello,

I tried the patch on
http://bugs.freeradius.org/showattachment.cgi?attach_id=112 for the
function ldap_pairget in the file rlm_ldap.c but it gives me an error
when executing the 'make' command saying that 'token' was already
declared. This is where token is declared:

---
LRAD_TOKEN  token;
+ LRAD_TOKEN  token, operator;
---
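Review bot: the first line, "LRAD_TOKEN  token;", carries no "-" marker, so when both lines are kept 'token' is declared twice in ldap_pairget, which matches the "already declared" error from make. Drop the unmarked line so that only "LRAD_TOKEN  token, operator;" remains.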

Maybe the file in that page is corrupted. Can you please send me a
copy of the file for the patch.

Thank you in advance,
Natalia.

On 3/8/06, Turtiainen, Tero [EMAIL PROTECTED] wrote:

 Hi,

  From: Natalia Escalera [EMAIL PROTECTED]
   We have made a small fix to the ldap-module (as seen in the link to the
   mailing list archive). I don't know if this has been fixed in 1.1.0. I
   once had a quick look at the ldap-module of 1.1.0, it should be quite
   easy to test if it still fails.
 
  The password issue is also in FR 1.1.0.

 That's weird. The bug is so easy to spot and should be trivial
 to fix. And I think it will affect many FR installations.
 --
 Tero Turtiainen
 Technology Services
 Capgemini
 [EMAIL PROTECTED]



Re: special characters in passwords + FR + ldap

2006-03-07 Thread Natalia Escalera
Hello Mr. Turtiainen:

Thank you for your response.

 We have made a small fix to the ldap-module (as seen in the link to the
 mailing list archive). I don't know if this has been fixed in 1.1.0. I
 once had a quick look at the ldap-module of 1.1.0, it should be quite
 easy to test if it still fails.

The password issue is also in FR 1.1.0. I will try the patch suggested on
http://bugs.freeradius.org/show_bug.cgi?id=261 and see if it works for
our implementation.

Thank you,
Natalia.

On 3/7/06, Turtiainen, Tero [EMAIL PROTECTED] wrote:

 Hi,

  -Original Message-
  Date: Sat, 4 Mar 2006 15:19:32 -0600
  From: Natalia Escalera [EMAIL PROTECTED]
 
  Hello,
 
  What is needed is that Freeradius accepts passwords even if special
  characters are part of them. This is what is happening:
 
 
  pass$word - FR - LDAP - FR (Answer: wrong password)
 
  Any ideas of how to solve it?

 This looks very much like the feature we have seen with FR 0.9.3.
 Passwords with a special character are truncated, resulting in
 password check failing.

 http://lists.freeradius.org/mailman/htdig/freeradius-users/2005-July/045560.html

 This may be related to this bug, which is still open (I don't agree
 with the severity=minor :)
 http://bugs.freeradius.org/show_bug.cgi?id=261

 We have made a small fix to the ldap-module (as seen in the link to the
 mailing list archive). I don't know if this has been fixed in 1.1.0. I
 once had a quick look at the ldap-module of 1.1.0, it should be quite
 easy to test if it still fails.
 --
 Tero Turtiainen
 Technology Services
 Capgemini
 [EMAIL PROTECTED]



Re: special characters in passwords + FR + ldap

2006-03-04 Thread Natalia Escalera
Hello,

What is needed is that Freeradius accepts passwords even if special
characters are part of them. This is what is happening:


pass$word - FR - LDAP - FR (Answer: wrong password)

Any ideas of how to solve it?

Thank you,
Natalia.


On 3/3/06, Alexei Monastyrnyi [EMAIL PROTECTED] wrote:
 Hey.

 Does one need to handle it in any special way?

 I have deployment like this, where special chars work as good as normal
 ones.

 Cisco VPN clients - Cisco PIX - FreeRADIUS - OpenLDAP.

 A.

 on 03/03/2006 00:28 Natalia Escalera wrote:
  Hello all,
 
  Does somebody know how to handle passwords having special characters in
  between (e.g. $ ) when doing freeradius-ldap authentication?
 
  Thank you,
 
  Natalia.
 


special characters in passwords + FR + ldap

2006-03-02 Thread Natalia Escalera
Hello all,

Does somebody know how to handle passwords having special characters in
between (e.g. $ ) when doing freeradius-ldap authentication?

Thank you,

Natalia.



Re: Freeradius + Microsoft Active Directory

2006-02-26 Thread Natalia Escalera
Hello all,

Mr. Sandworm, I really appreciate your help. Including 'referrals no'
in ldap.conf works fine! Now the FR server receives an affirmative
answer from the AD server.
I also appreciate Mr. DeKok's and Mr. Geek's help in pointing me in the
correct direction.

Thank you,
Nataly


On 2/26/06, Sandworm [EMAIL PROTECTED] wrote:

 Natalia Escalera [EMAIL PROTECTED] wrote:
 I have another question, how can we avoid referrals coming from AD
 Ldap server? How can we specify those settings?

 From the list archives:

 See http://lists.freeradius.org/pipermail/freeradius-users/2004-October/037218.html


Freeradius + Microsoft Active Directory

2006-02-25 Thread Natalia Escalera
Hello,

I am setting up freeradius with Microsoft Active Directory. So far, I
am able to connect to the server but not to authenticate a user. Can
you  please give me a hint of how the configuration files need to be
set in order to authenticate the user.

Also, what is 3D used for? (Example: server =3D your.ad.server.org ...)

Thank you in advance,
Nataly



Re: Freeradius + Microsoft Active Directory

2006-02-25 Thread Natalia Escalera
Hello Mr. DeKok

Thank you for the fast response.  The  password is clear-text.  We are
using ethereal to debug why we are getting Operations Error on the
Search Result.  The Operation Errors comment is the following:
In order to perform this operation a successful bind must be completed.

The search request on ethereal from Freeradius to the active directory
gives the following:
Message Type: Search Request
Message Length:  96
Response In: 469
Base DN: dc=test, dc=prt
Scope: subtree (0x02)
Derefence: Never (0x00)
Size Limit: 0
Time Limit: 4
Attributes only: False
Filter: ((objectclass=person)(sAMAccountName=%u))
Attribute: uid we are not sending this attribute and we do not
know where it is specified on Freeradius

Here are the settings given for LDAP module on radius.conf and user file:

#radius.conf
ldap {
server=xxx.xx.xxx.xxx

identity = # If this is suppose to be the bind dn???

password = mypassword
basedn =dc=test,dc=prt

#filter = (uid=%{Stripped-User-Name:-%{User-Name}})
filter =((objectclass=person) (sAMAccountName=%u))

# set this to 'yes' to use TLS encrypted connections
# to the LDAP database by using the StartTLS extended
# operation.
# The StartTLS operation is supposed to be used with normal
# ldap connections instead of using ldaps (port 689) connections
start_tls = no

# tls_cacertfile= /path/to/cacert.pem
# tls_cacertdir = /path/to/ca/dir/
# tls_certfile  = /path/to/radius.crt
# tls_keyfile   = /path/to/radius.key
# tls_randfile  = /path/to/rnd
# tls_require_cert  = demand

# default_profile = cn=radprofile,ou=dialup,o=My Org,c=UA
# profile_attribute = radiusProfileDn
access_attr = dialupAccess

# Mapping of RADIUS dictionary attributes to LDAP
# directory attributes.
dictionary_mapping = ${raddbdir}/ldap.attrmap

ldap_connections_number = 5


timeout =5
timelimit =4
net_timeout =2
compare_check_items = yes

}

authenticate {

Auth-Type PAP {
pap
}


Auth-Type CHAP {
chap
}


Auth-Type MS-CHAP {
mschap
}


unix



Auth-Type LDAP {
ldap
}


eap
}

#users file
DEFAULT Auth-Type := LDAP
Fall-Through = 1

Can you please tell us if there is something wrong or if we are
missing something on the configuration files?

Thanks in advance,
Nataly

On 2/25/06, Alan DeKok [EMAIL PROTECTED] wrote:
 Natalia Escalera [EMAIL PROTECTED] wrote:
  I am setting up freeradius with Microsoft Active Directory. So far, I
  am able to connect to the server but not to authenticate a user. Can
  you  please give me a hint of how the configuration files need to be
  set in order to authenticate the user.

  If the RADIUS packets have clear-text passwords, then the normal
 LDAP module should work.  If you're using PEAP or MS-CHAP, read
 radiusd.conf, and use ntlm_auth.

  Also, what is 3D used for? (Example: server =3D your.ad.server.org ...)

  Nothing.  It's an artifact of stupid mailers.  3D is ASCII for '='.

  Alan DeKok.



Re: Freeradius + Microsoft Active Directory

2006-02-25 Thread Natalia Escalera
Hello,
What do you mean with qualify the LDAP search?

Thanks.
Nataly

On 2/25/06, Alan DeKok [EMAIL PROTECTED] wrote:
 Natalia Escalera [EMAIL PROTECTED] wrote:
  Thank you for the fast response.  The  password is clear-text.  We are
  using ethereal to debug why we are getting Operations Error on the
  Search Result.

  See the list archives.  You have to qualify the LDAP search.

 http://www.nabble.com/FreeRadius-cannot-Authenticate-to-Windows-AD-t752989.html

  Alan DeKok.


Re: Freeradius + Microsoft Active Directory

2006-02-25 Thread Natalia Escalera
Hello,

How can we specify the bindn on radius.conf so we do not search as an
anonymous user?

Thank you,
Nataly

On 2/25/06, Natalia Escalera [EMAIL PROTECTED] wrote:
 Hello,
 What do you mean with qualify the LDAP search?

 Thanks.
 Nataly

 On 2/25/06, Alan DeKok [EMAIL PROTECTED] wrote:
  Natalia Escalera [EMAIL PROTECTED] wrote:
   Thank you for the fast response.  The  password is clear-text.  We are
   using ethereal to debug why we are getting Operations Error on the
   Search Result.
 
   See the list archives.  You have to qualify the LDAP search.
 
  http://www.nabble.com/FreeRadius-cannot-Authenticate-to-Windows-AD-t752989.html
 
   Alan DeKok.


Re: Freeradius + Microsoft Active Directory

2006-02-25 Thread Natalia Escalera
I mean binddn...

On 2/25/06, Natalia Escalera [EMAIL PROTECTED] wrote:
 Hello,

 How can we specify the bindn on radius.conf so we do not search as an
 anonymous user?

 Thank you,
 Nataly

 On 2/25/06, Natalia Escalera [EMAIL PROTECTED] wrote:
  Hello,
  What do you mean with qualify the LDAP search?
 
  Thanks.
  Nataly
 
  On 2/25/06, Alan DeKok [EMAIL PROTECTED] wrote:
   Natalia Escalera [EMAIL PROTECTED] wrote:
Thank you for the fast response.  The  password is clear-text.  We are
using ethereal to debug why we are getting Operations Error on the
Search Result.
  
See the list archives.  You have to qualify the LDAP search.
  
   http://www.nabble.com/FreeRadius-cannot-Authenticate-to-Windows-AD-t752989.html
  
Alan DeKok.


Re: Freeradius + Microsoft Active Directory

2006-02-25 Thread Natalia Escalera
I have another question, how can we avoid referrals coming from AD
Ldap server? How can we specify those settings?

Thanks,
Nataly

On 2/25/06, Natalia Escalera [EMAIL PROTECTED] wrote:
 I mean binddn...

 On 2/25/06, Natalia Escalera [EMAIL PROTECTED] wrote:
  Hello,
 
  How can we specify the bindn on radius.conf so we do not search as an
  anonymous user?
 
  Thank you,
  Nataly
 
  On 2/25/06, Natalia Escalera [EMAIL PROTECTED] wrote:
   Hello,
   What do you mean with qualify the LDAP search?
  
   Thanks.
   Nataly
  
   On 2/25/06, Alan DeKok [EMAIL PROTECTED] wrote:
Natalia Escalera [EMAIL PROTECTED] wrote:
 Thank you for the fast response.  The  password is clear-text.  We are
 using ethereal to debug why we are getting Operations Error on the
 Search Result.
   
 See the list archives.  You have to qualify the LDAP search.
   
http://www.nabble.com/FreeRadius-cannot-Authenticate-to-Windows-AD-t752989.html
   
 Alan DeKok.