Quick HOWTO : Ch31 : Centralized Logins Using LDAP and RADIUS - Fails on Fedora 6
Fedora 6, openldap rpms installed via smart package manager.

slapd.conf: http://pastebin.ca/445851
tfxschool.internal.lidf: http://pastebin.ca/445852
root.ldif: http://pastebin.ca/445854
ldapusers.ldif: http://pastebin.ca/445855

I decided to try setting up openldap in hopes of learning more about my error. I followed this howto

http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:_Ch31_:_Centralized_Logins_Using_LDAP_and_RADIUS

step by step and rechecked all configs etc. when I got the following error.

    [EMAIL PROTECTED] ~]# ldapadd -x -D cn=Manager,dc=tfxschool,dc=internal -W -f /etc/openldap/tfxschool.internal.ldif
    Enter LDAP Password:
    ldap_bind: Invalid credentials (49)
            additional info: 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece

It seems to be similar if not the same problem I am having with FR refusing to auth via ldap to our ADS server.

I am stuck though; I have no idea how to resolve this error and unfortunately the howto assumes it just works.

Google suggests that it may be the result of my domain string dc=tfxschool,dc=interternal, which looks correct to me. Our test domain is tfxschool.internal.

Any help/suggestions/insight would be greatly appreciated.

Thanks.

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Quick HOWTO : Ch31 : Centralized Logins Using LDAP and RADIUS - Fails on Fedora 6 + debug info
Just added debug output to help.

Fedora 6, openldap rpms installed via smart package manager.

slapd.conf: http://pastebin.ca/445851
tfxschool.internal.lidf: http://pastebin.ca/445852
root.ldif: http://pastebin.ca/445854
ldapusers.ldif: http://pastebin.ca/445855
ldapadd -d9 -x -D cn=Manager,dc=tfxschool,dc=internal -W -f /etc/openldap/tfxschool.internal.ldif - http://pastebin.ca/445899

I decided to try setting up openldap in hopes of learning more about my error. I followed this howto

http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:_Ch31_:_Centralized_Logins_Using_LDAP_and_RADIUS

step by step and rechecked all configs etc. when I got the following error.

    [EMAIL PROTECTED] ~]# ldapadd -x -D cn=Manager,dc=tfxschool,dc=internal -W -f /etc/openldap/tfxschool.internal.ldif
    Enter LDAP Password:
    ldap_bind: Invalid credentials (49)
            additional info: 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece

It seems to be similar if not the same problem I am having with FR refusing to auth via ldap to our ADS server.

I am stuck though; I have no idea how to resolve this error and unfortunately the howto assumes it just works.

Google suggests that it may be the result of my domain string dc=tfxschool,dc=interternal, which looks correct to me. Our test domain is tfxschool.internal.

Any help/suggestions/insight would be greatly appreciated.

Thanks.
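Added example, not part of the original thread: a small Python parser for the "additional info" diagnostic shown in the bind failure above. The sub-code table holds the commonly documented Active Directory values for the "data" field and is supplied by this example as an assumption; the function and field names are hypothetical.

```python
import re

# Sub-codes commonly documented for the "data" field of an Active Directory
# AcceptSecurityContext bind failure (hex). Supplied by this example, not
# stated anywhere in the thread.
AD_BIND_SUBCODES = {
    0x525: "user not found",
    0x52E: "invalid credentials",
    0x530: "logon not permitted at this time",
    0x531: "logon not permitted from this workstation",
    0x532: "password expired",
    0x533: "account disabled",
    0x701: "account expired",
    0x773: "user must reset password",
    0x775: "account locked out",
}

# Layout: <status>: LdapErr: <DSID>, comment: <text>, data <hex>, <tail>
DIAG_RE = re.compile(
    r"(?P<status>[0-9A-Fa-f]{8}):\s*LdapErr:\s*(?P<dsid>DSID-[0-9A-Fa-f]+),"
    r"\s*comment:\s*(?P<comment>[^,]+),\s*data\s+(?P<data>[0-9A-Fa-f]+)"
)

def decode_bind_diagnostic(text):
    """Parse the 'additional info' text of a failed LDAP bind into fields."""
    m = DIAG_RE.search(text)
    if m is None:
        return None  # bare result code, no directory-specific diagnostic
    code = int(m.group("data"), 16)  # the data field is hexadecimal
    comment = m.group("comment").strip()
    return {
        "status": m.group("status").upper(),
        "dsid": m.group("dsid"),
        "comment": comment,
        "data": code,
        "meaning": AD_BIND_SUBCODES.get(code, "unknown sub-code"),
        # The LdapErr/DSID/AcceptSecurityContext wording is Active Directory's
        # diagnostic format, so its presence identifies the answering server.
        "server_is_active_directory": "AcceptSecurityContext" in comment,
    }

# Diagnostic text copied from the message above.
SAMPLE = (
    "ldap_bind: Invalid credentials (49) additional info: 80090308: LdapErr: "
    "DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece"
)

if __name__ == "__main__":
    print(decode_bind_diagnostic(SAMPLE))
```

On the thread's sample it reports sub-code 0x525 (user not found) in the Active Directory diagnostic format, so the first things to confirm are which host the client tools actually reached and whether the bind DN exists there.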
Re: Quick HOWTO : Ch31 : Centralized Logins Using LDAP and RADIUS - Fails on Fedora 6 + debug info
Jacob Jarick wrote:
> ldapadd -d9 -x -D cn=Manager,dc=tfxschool,dc=internal -W -f /etc/openldap/tfxschool.internal.ldif - http://pastebin.ca/445899
...
> It seems to be similar if not the same problem I am having with FR refusing to auth via ldap to our ADS server.
>
> I am stuck though; I have no idea how to resolve this error and unfortunately the howto assumes it just works.
>
> Google suggests that it may be the result of my domain string dc=tfxschool,dc=interternal, which looks correct to me. Our test domain is tfxschool.internal.
>
> Any help/suggestions/insight would be greatly appreciated.

This is really an LDAP question. If you can't use LDAP tools to login to the LDAP server, you won't be able to use the same configuration in FreeRADIUS.

Unfortunately, I don't use LDAP, so I can't help you here. The few times I have used it, I follow the O'Reilly LDAP book, and it works for me.

Alan DeKok.
--
http://deployingradius.com - The web site of the book
http://deployingradius.com/blog/ - The blog
Re: Quick HOWTO : Ch31 : Centralized Logins Using LDAP and RADIUS - Fails on Fedora 6 + debug info
Might buy that book, thanks for the reply Alan.

I have also posted the same q to the openldap mailing list so I hope to get some info from those people.

It's just quite frustrating, the govt has said we can only do it this 1 way (but they themselves have never done it) and I can't find any good docs/howtos that cover what I need in detail.

All the howtos assume ldap communication works flawlessly 1st go but unfortunately it's definitely not the situation.

Thanks again Alan, going to make a call about the ldap book.

On 4/18/07, Alan DeKok [EMAIL PROTECTED] wrote:
> Jacob Jarick wrote:
> > ldapadd -d9 -x -D cn=Manager,dc=tfxschool,dc=internal -W -f /etc/openldap/tfxschool.internal.ldif - http://pastebin.ca/445899
> ...
> > It seems to be similar if not the same problem I am having with FR refusing to auth via ldap to our ADS server.
> >
> > I am stuck though; I have no idea how to resolve this error and unfortunately the howto assumes it just works.
> >
> > Google suggests that it may be the result of my domain string dc=tfxschool,dc=interternal, which looks correct to me. Our test domain is tfxschool.internal.
> >
> > Any help/suggestions/insight would be greatly appreciated.
>
> This is really an LDAP question. If you can't use LDAP tools to login to the LDAP server, you won't be able to use the same configuration in FreeRADIUS.
>
> Unfortunately, I don't use LDAP, so I can't help you here. The few times I have used it, I follow the O'Reilly LDAP book, and it works for me.
>
> Alan DeKok.
> --
> http://deployingradius.com - The web site of the book
> http://deployingradius.com/blog/ - The blog