The configuration I had was FreeRADIUS 1.1.4 running on NetBSD_3.0 (STABLE) 
authenticating to Novell eDirectory using LDAP.

All was fine...

I upgraded to FreeRADIUS 1.1.7 and all seemed OK, until two of my users found 
they can no longer log in to the Cisco VPN3000 which uses this RADIUS. The log 
files simply show:

Tue Nov  6 15:06:40 2007 : Auth: Login incorrect: [<user>] (from client vpn3000 port 13712 cli X.X.X.X)

We also use RADIUS with EZProxy. I used a spare EZProxy test box and asked the 
user to log in using that, failed with 1.1.7 RADIUS, changed it to use a spare 
1.1.4 server and they could log in!

User names are alphabetic only and less than 8 characters, passwords are 
alpha-numeric only and 8 characters.

I am reasonably new to RADIUS and cannot figure out why these two users are 
being singled out!

I thought at first it might be because we have "edir_account_policy_check=yes" 
and that given the ChangeLog for 1.1.7 says "Added more eDirectory support.", 
and the two users possibly have extra attributes as they are sysadmins, that 
something was being checked that was not with 1.1.4 and that was preventing 
login.

However, later in radiusd.conf, in the post-auth section, the LDAP server 
entries are commented out, and it says:

        #  Un-comment the following if you have set
        #  'edir_account_policy_check = yes' in the ldap module sub-section of
        #  the 'modules' section.

So does this mean this feature is not in operation?

Has anyone any ideas where I should start looking?

Thanks.

---------------
Barry Dean
Networks Team
University of Liverpool


