On 04/19/2013 04:07 PM, Fabrice DURAND wrote:
> This looks simple enough, thanks.  :)

Famous last words..  *sigh*

Ok, so here's where I am today..  I thought I had the LDAP login part
working, but apparently not..  Our OpenLDAP setup requires a two-stage
bind to validate a user password.  It appears that the user is found,
but then I get an error about no "known good" password.

Unfortunately, my FreeRADIUS foo is a bit weak, so I'm having a
problem trying to figure this out.  Any suggestions?

Here's the ldap section of radiusd -X ...

[ldap] performing user authorization for testuser
[ldap]  expand: %{Stripped-User-Name} ->
[ldap]  ... expanding second conditional
[ldap]  expand: %{User-Name} -> testuser
[ldap]  expand: (uid=%{%{Stripped-User-Name}:-%{User-Name}}) -> (uid=testuser)
[ldap]  expand: o=MyDomain -> o=MyDomain
  [ldap] ldap_get_conn: Checking Id: 0
  [ldap] ldap_get_conn: Got Id: 0
  [ldap] performing search in o=MyDomain, with filter (uid=testuser)
[ldap] No default NMAS login sequence
[ldap] looking for check items in directory...
[ldap] looking for reply items in directory...
WARNING: No "known good" password was found in LDAP.  Are you sure that the user is configured correctly?
[ldap] user testuser authorized to use remote access


I added ldap in the authorize{} section of packetfence-tunnel and the
following in the authenticate{} section :

        Auth-Type LDAP {
                ldap
        }


-- 
---------------------------
Jason 'XenoPhage' Frisvold
[email protected]
---------------------------

"Any sufficiently advanced magic is indistinguishable from technology."
- Niven's Inverse of Clarke's Third Law

_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users