Our Novell experts have looked into the LDAP database and found that the affected accounts do indeed have the sasDefaultLoginSequence attribute, in fact only a handful of accounts have it.
They are testing now. I will let you all know what happens. --------------- Barry Dean Networks Team -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alan DeKok Sent: 09 November 2007 15:11 To: FreeRadius users mailing list Subject: Re: Some users can't login after upgrade! Dean, Barry wrote: > The debug output (private data masked) can be picked up from: > > Version 1.1.4 (Works): http://pcwww.liv.ac.uk/~bvd/radius/114.txt > Version 1.1.7 (Broken): http://pcwww.liv.ac.uk/~bvd/radius/117.txt > > They are reasonably long so I did not want to post them as a long email! > > My reading of them indicates that the eDirectory returns a "NOT OK" to 1.1.7 > and an "OK" to 1.1.4 for the > same user account! Novell contributed a patch to allow changing the eDirectory NMAS authentication option. In the source, they look for "<No Default>". In the debug logs you provide, eDirectory returns "------No default------". Try changinging "sasDefaultLoginSequence" to "<No Default>" for the user. In short, the Novell patch doesn't seem to agree with the behavior of Novell's eDirectory server. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
