On 20/05/11 16:27, Doty, Seth wrote:
> I changed my baseDN to:
>
> basedn = ou=test,dc=AD,dc=ne,dc=gov
>
> and this results in the same failure in the group section.
>
> rlm_ldap: object not found
> rlm_ldap::ldap_groupcmp: search failed
>
> I can't remove the ou=test portion or authentication fails completely and I get a reject:
>
> [ldap] performing user authorization for seth.doty
> [ldap] expand: %{Stripped-User-Name} ->
> [ldap] expand: %{User-Name} -> seth.doty
> [ldap] expand: (CN=%{%{Stripped-User-Name}:-%{User-Name}}) -> (CN=seth.doty)
> [ldap] expand: dc=ad,dc=ne,dc=gov -> dc=ad,dc=ne,dc=gov
> rlm_ldap: ldap_get_conn: Checking Id: 0
> rlm_ldap: ldap_get_conn: Got Id: 0
> rlm_ldap: attempting LDAP reconnection
> rlm_ldap: closing existing LDAP connection
> rlm_ldap: (re)connect to ad.ne.gov:389, authentication 0
> rlm_ldap: bind as stn\seth.doty/ to stone.ne.gov:389
> rlm_ldap: waiting for bind result ...
> rlm_ldap: Bind was successful
> rlm_ldap: performing search in dc=ad,dc=ne,dc=gov, with filter (CN=seth.doty)
> rlm_ldap: ldap_search() failed: Operations error

You're just putting random things into the ldap config and hoping it will work.
Go and speak to the people who run your LDAP service. Ask them for the correct base DN, bind DN and credentials, group filters and so forth.
Try these LDAP parameters from the command line using ldapsearch. When it's working, try them with FreeRADIUS.
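
Added example, not part of the original message: a shell sketch of the ldapsearch checks suggested above, using the server, base DN and filter that appear in the quoted debug output. It assumes the OpenLDAP ldapsearch client, whose exit status is the LDAP result code; BIND_DN is a placeholder and the function names are hypothetical.

```shell
#!/bin/sh
# Values taken from the debug output in the thread, except BIND_DN, which is
# a placeholder: get the real bind DN from the directory administrators.
LDAP_URI='ldap://ad.ne.gov:389'
BIND_DN='BIND_DN_PLACEHOLDER'
BASE_DN='dc=ad,dc=ne,dc=gov'
USER_FILTER='(CN=seth.doty)'

# Print the ldapsearch command matching the ldap module's server, identity,
# basedn and filter settings.
#   -x simple bind, -W prompt for the password (keeps it out of shell history)
#   -LLL plain LDIF, trailing "dn" asks for the entry DN only
# $1 = search base, $2 = scope (base|one|sub), $3 = filter
ldapsearch_cmd() {
    printf "ldapsearch -x -LLL -H '%s' -D '%s' -W -b '%s' -s %s '%s' dn\n" \
        "$LDAP_URI" "$BIND_DN" "$1" "$2" "$3"
}

# Turn an ldapsearch exit status (LDAP result code) into a hint.
explain_rc() {
    case "$1" in
        0)  echo "success: these values can go into the ldap module" ;;
        1)  echo "operationsError: the server refused the search as issued" ;;
        32) echo "noSuchObject: the base DN does not exist on this server" ;;
        49) echo "invalidCredentials: bind DN or password is wrong" ;;
        *)  echo "LDAP result code $1" ;;
    esac
}

# Check 1: does the base DN exist at all? (base-scope read of the entry itself)
ldapsearch_cmd "$BASE_DN" base '(objectClass=*)'
# Check 2: does the user filter match under that base? Expect exactly one DN.
ldapsearch_cmd "$BASE_DN" sub "$USER_FILTER"
```

Run each printed command by hand, then pass its exit status to explain_rc; move the values into FreeRADIUS only once both checks return 0.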

