On Thu, Nov 14, 2002 at 04:09:34PM -0600, Chris Parker wrote:
> >modcall: entering group authorize
> > hints: Matched DEFAULT at 64
> > modcall[authorize]: module "preprocess" returns ok
>
> What is in your 'hints' file? Let me guess, you have some @buoy.com
> stuff there?

Yup. Good call. Taken out.

> > rlm_realm: No '@' in User-Name = "tps", looking up realm NULL
> > rlm_realm: No such realm NULL
> > modcall[authorize]: module "suffix" returns noop
>
> Okay, the request hit the realm module without a realm, so this
> of course won't do anything.

Right.

> > users: Matched DEFAULT at 145
> > users: Matched DEFAULT at 164
> > users: Matched DEFAULT at 185
> > modcall[authorize]: module "files" returns ok
> >modcall: group authorize returns ok
> > rad_check_password: Found Auth-Type Ldap
> >auth: type "LDAP"
> >modcall: entering group authenticate
> >rlm_ldap: - authenticate
> >rlm_ldap: login attempt by "tps" with password "mypass"
> >radius_xlat: '([EMAIL PROTECTED])'
> >radius_xlat: 'dc=buoy,dc=com'
> >ldap_get_conn: Got Id: 0
> >rlm_ldap: attempting LDAP reconnection
> >rlm_ldap: (re)connect to ldap.buoy.com:389, authentication 0
> >rlm_ldap: bind as / to ldap.buoy.com:389
> >rlm_ldap: waiting for bind result ...
> >rlm_ldap: performing search in dc=buoy,dc=com, with filter
> >([EMAIL PROTECTED])
> >rlm_ldap: object not found or got ambiguous search result
> >ldap_release_conn: Release Id: 0
> > modcall[authenticate]: module "ldap" returns notfound
> >modcall: group authenticate returns notfound
> >auth: Failed to validate the user.
>
> It is not able to find it in your LDAP store. You need to debug that,
> not the server.

Well, that's what has me confused. It hits ldap at '[EMAIL PROTECTED]'.
Why is the realm back on?

> >Notice that rlm_realm doesn't see the '@' in the username, but it
> >gets unstripped to rlm_ldap
>
> My guess is you have something in your "hints" file telling it to
> mangle the User-Name and strip off '@buoy.com'. Don't do that. Let
> the Realm module do its work.

I 'fixed' my hints file, and it still doesn't work. :(

> Also, you may want to see previous posts on the list on how to tell
> LDAP to use the Stripped-User-Name ( created by the realm module )
> if it exists ( to handle '[EMAIL PROTECTED]' ) or User-Name if it doesn't
> ( to handle 'tps' ).

I'll take a look. This has been working for about 18 months with no
problems...

Tim

--
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>><<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
>> Tim Sailer (at home) >< Coastal Internet,Inc. <<
>> Network and Systems Operations >< PO Box 671 <<
>> http://www.buoy.com >< Ridge, NY 11961 <<
>> [EMAIL PROTECTED][EMAIL PROTECTED] >< (631)924-3728 (888) 924-3728 <<
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>><<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
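
Added example, not part of the original message and not FreeRADIUS code: a small Python model of the fallback Chris describes, where the LDAP search filter uses Stripped-User-Name when the realm module created one and User-Name otherwise, so 'tps' and 'tps@buoy.com' search for the same entry. The attribute name "uid" and all function names are assumptions; the RFC 4515 escaping goes slightly beyond the thread.

```python
# Added illustration: models realm stripping and the "Stripped-User-Name if
# present, else User-Name" fallback for the LDAP search filter.
# Assumptions (not from the thread): the directory attribute is "uid" and
# the helper names below are hypothetical.

KNOWN_REALMS = {"buoy.com"}  # realm taken from the debug output in the thread


def realm_suffix(attrs):
    """Mimic a suffix realm module: split user@realm for known realms.

    Adds Stripped-User-Name and Realm to a copy of the request attributes;
    leaves the request untouched when there is no '@' or the realm is unknown.
    """
    out = dict(attrs)
    user, sep, realm = attrs["User-Name"].rpartition("@")
    if sep and user and realm.lower() in KNOWN_REALMS:
        out["Stripped-User-Name"] = user
        out["Realm"] = realm.lower()
    return out


def escape_filter_value(value):
    """Escape a value for an LDAP search filter (RFC 4515)."""
    special = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}
    return "".join(special.get(ch, ch) for ch in value)


def ldap_filter(attrs, attribute="uid"):
    """Build the filter from Stripped-User-Name, falling back to User-Name."""
    name = attrs.get("Stripped-User-Name") or attrs["User-Name"]
    return "({}={})".format(attribute, escape_filter_value(name))


if __name__ == "__main__":
    # Constructed sample logins, including an unknown realm and a wildcard.
    for login in ("tps", "tps@buoy.com", "tps@example.org", "t*s"):
        request = realm_suffix({"User-Name": login})
        print("{:18} -> {}".format(login, ldap_filter(request)))
```

A filter built from the unstripped name, as in the debug output above, asks the directory for an entry whose attribute value includes the realm, which is why the search returns "object not found".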
