Michael Cunningham <[EMAIL PROTECTED]> wrote:
> but for some reason it refuses the login at the last second.
> I know the user login and radius login on the ldap server
> work well as I have authenticated using ldapsearch for
> each user. ACLs are wide open on the ldap server
> since I am in test mode.
>
> Can anyone help me figure out what is going on?

Hmm.. The log says:

> rlm_ldap: looking for reply items in directory...
> rlm_ldap: user lynn authorized to use remote access
> Sending Access-Reject of id 79 to 137.236.206.3:1025

That's annoying. There should be at least a debugging message
saying WHY it's rejecting the user. At this point, if debugging (-X)
doesn't help, all I can suggest is to add DEBUG statements to the
code, to see what it's doing.

I'd also suggest upgrading to the latest CVS version. It has more
debugging messages, and some bug fixes.

> As a side note.. does anyone know if freeradius plans
> on supporting ldap authentication via ssl in the future?

In the ldap configuration section, add:

    start_tls = yes

and it should work. It's been there a while, but it hasn't been well
documented.

Alan DeKok.