Sayantan,
It was a password error. Thanks.
Josh
Quoting Sayantan Bhowmick [EMAIL PROTECTED]:
Hi,
If you are getting a reply with ldapsearch then you should be able
to authenticate as that user. One of the possible causes of the -669
error is an invalid password. So check the password
I am running FreeRADIUS 1.0.4 on FreeBSD 4.11 to authenticate/authorize users via
LDAP on a NetWare 6.5 server/tree.
I can successfully authenticate and authorize users if they reside in the root
context (o=rootcontext), but authorize fails if the user is in an ou in the
root context. The identity
Check the filter statement in the ldap portion of radiusd.conf. It's searching
on uid which in eDirectory is an integer field and isn't populated by default.
Change the filter to filter = (cn=%{Stripped-User-Name:-%{User-Name}}) and
try it. That will get you past the object not found message.
Ok, I'm now one step closer. Mearl's solution worked somewhat. Here is the
output from the debug:
-snip-
rlm_ldap: - authorize
rlm_ldap: performing user authorization for gwaccesspo1
radius_xlat: '(cn=gwaccesspo1)'
radius_xlat: 'o=services'
rlm_ldap: ldap_get_conn: Checking Id: 0
Are you trying to use Universal Password to authenticate? I don't see the TLS
negotiation required for the admin to read the Universal Password.
Why don't you post the entire debug log? Then we can see all the setup info as
the radius server reads it.
Mearl
[EMAIL PROTECTED] 7/19/2005
I have not set up Universal Passwords as this is not an option because of the
complexities of the tree. As of right now, the LDAP Group in eDirectory does
not require TLS, so I am therefore not requiring it in radiusd.conf either. I
want to get it to work over cleartext for now, and then set up
We're using Universal Passwords so the setup is a bit different.
The documentation on rlm_ldap says that if password_attribute is set to NULL no
password is sent.
# default: NULL - don't add password
Have you tried it with password_attribute = userPassword ?
I'm assuming that you've
Hi,
If you are getting a reply with ldapsearch then you should be able
to authenticate as that user. One of the possible causes of the -669
error is an invalid password. So check the password and make sure you
are able to log in as that user.
-Sayantan
[EMAIL PROTECTED] 07/20/05 3:00 AM
I