reject reason logged in radius.log. Possible?

# Line in radius.log: # Auth: Login incorrect: [myusername] (from client wall1-wigate1 port 122 cli 00-1C-CC-C3-C7-1A) reject # Line in radius.log: # Auth: Invalid user: [myusername] (from client wall1-wigate1 port 122 cli 00-1C-CC-C3-C7-1A) } } -- Daniele ALBRIZIO -

Re: Ldap Group retrieval with special charachters in user dn

_search() failed: Operations error rlm_ldap::ldap_groupcmp: search failed I had the same problem in php and I solved it using ldap_set_option($ds, LDAP_OPT_REFERRALS, 0); in this manner don't following referrals. Is it possible to set such an option in rlm_ldap or in some system config file for

Re: Ldap Group retrieval with special charachters in user dn

we turn off referrals. # This *may* cause problems if multiple forests are used with AD. deref never referrals no Yes! It _does_ work! Thank you very much to Tarun and Kostas for the useful and quick hints you gave me! -- Daniele ALBRIZIO - [EMAIL PROTECTED] Settore Tecnologie di B

Ldap Group retrieval with special charachters in user dn

I have to link a microsoft active directory in my workplace not under my rooty control. The user DN in AD are stored in the following format (please don't ask me why!): CN=ALBRIZIO DANIELE (5620),OU=9800,OU=personale,DC=ds,DC=units,DC=it Yes, with parenthesis! In radiusd.conf I have this configurat

Re: Dereference LDAP objects

Christopher Price wrote: Is there an option that you can put in the ldap section of the configuration to tell the server to dereference an aliased object in the LDAP directory? Me too have interest about this topic. I also need to ignore referrals given by an ldap server. -- Daniele

NotBefore, NotAfter or Date attributes fot temporary accounts

00" Somebody knows if such a feature has ever been included in Freeradius? Expiration attribute doesn't permit a "not-before" behaviour, Login-Time attribute doesn't permit month/year specification. Daniele Albrizio Old Post ==

Re: NotBefore, NotAfter or Date attributes fot temporary accounts

Alan DeKok wrote: > Daniele Albrizio wrote: >> In an old post Alan DeKok said he would patch freeradius to support >> temporary accounts using attributes like >> >> Date > "January 1 2010 13:00" >> Date > "January 12 2010 13:00" >

Multiple ldaps (SSL) backends and only the first queried works. Possible bug?

33 ldap_pvt_connect: 0 TLS: peer cert untrusted or revoked (0x42) TLS: can't connect: (unknown error code). ldap_err2string I suspect the "cacertfile" attribute is not correctly re-instantiated and only the value of the first request is used to check against when inst

Re: Multiple ldaps (SSL) backends and only the first queried works. Possible bug?

On 03/05/11 19:00, Daniele Albrizio wrote: > I've two ldaps backends instantiated like: Forgot... Using compiled freeradius-server-2.1.10 on Debian GNU/Linux 6.0 -- Daniele ALBRIZIO - albri...@univ.trieste.it Tel. +39-040.558.3319 UNIVERSITY OF TRIESTE - Network

Re: Multiple ldaps (SSL) backends and only the first queried works.?Possible bug?

On 03/05/11 21:41, Alexander Clouter wrote: > Daniele Albrizio wrote: >> >> I suspect the "cacertfile" attribute is not correctly re-instantiated >> and only the value of the first request is used to check against when >> instantiating a new ldaps connection.