Re: Windows Authentication Failing After Changing IP
Can anyone provide any input? I'm really clueless\stuck at this point. I've run some LDP tool to verify credentials and DN is correct. Any input would be deeply appreciated. On Wed, Jan 27, 2010 at 2:14 AM, Edwin Isada eis...@gmail.com wrote: I commented out rebind and chase_referral, but this didn't fix the issue. Can someone explain to me what this change fixes for my curiosity? On Tue, Jan 26, 2010 at 11:31 PM, Edwin Isada eis...@gmail.com wrote: Thanks Alan. I upgraded to 2.1.8, but I'm unable to find anything regarding operations error. Sorry if this is a stupid question, but I can't figure this one out as I verified my configuration. It must be something really minor, but any assistance\clue would be deeply appreciated. On Fri, Jan 8, 2010 at 1:48 AM, Alan DeKok al...@deployingradius.comwrote: Edwin Isada wrote: .. rlm_ldap: performing search in dc=eidev,dc=com, with filter ((objectCategory=user)(samaccountname=edwinadmin)(memberOf=cn=MIS-NetworkAdmins-All,OU=Security Groups,OU=MIS Admin,DC=EIDEV,DC=COM)) rlm_ldap: ldap_search() failed: Operations error In 2.1.8, read raddb/modules/ldap, and look for operations error. In older versions... upgrade. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Windows Authentication Failing After Changing IP
Thanks Alan. I upgraded to 2.1.8, but I'm unable to find anything regarding operations error. Sorry if this is a stupid question, but I can't figure this one out as I verified my configuration. It must be something really minor, but any assistance\clue would be deeply appreciated. On Fri, Jan 8, 2010 at 1:48 AM, Alan DeKok al...@deployingradius.comwrote: Edwin Isada wrote: .. rlm_ldap: performing search in dc=eidev,dc=com, with filter ((objectCategory=user)(samaccountname=edwinadmin)(memberOf=cn=MIS-NetworkAdmins-All,OU=Security Groups,OU=MIS Admin,DC=EIDEV,DC=COM)) rlm_ldap: ldap_search() failed: Operations error In 2.1.8, read raddb/modules/ldap, and look for operations error. In older versions... upgrade. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Windows Authentication Failing After Changing IP
I commented out rebind and chase_referral, but this didn't fix the issue. Can someone explain to me what this change fixes for my curiosity? On Tue, Jan 26, 2010 at 11:31 PM, Edwin Isada eis...@gmail.com wrote: Thanks Alan. I upgraded to 2.1.8, but I'm unable to find anything regarding operations error. Sorry if this is a stupid question, but I can't figure this one out as I verified my configuration. It must be something really minor, but any assistance\clue would be deeply appreciated. On Fri, Jan 8, 2010 at 1:48 AM, Alan DeKok al...@deployingradius.comwrote: Edwin Isada wrote: .. rlm_ldap: performing search in dc=eidev,dc=com, with filter ((objectCategory=user)(samaccountname=edwinadmin)(memberOf=cn=MIS-NetworkAdmins-All,OU=Security Groups,OU=MIS Admin,DC=EIDEV,DC=COM)) rlm_ldap: ldap_search() failed: Operations error In 2.1.8, read raddb/modules/ldap, and look for operations error. In older versions... upgrade. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Windows Authentication Failing After Changing IP
Hello everyone, I recently changed the IP address of our RADIUS server and changed domain controllers for Windows Authentication. Besides that change we decided to use LDAP instead of LDAPS on the new domain controller. I didn't think I would run into a problem with my test lab on the changes that were made. I'm stumped why the devices can no longer authenticate. Anyone have any ideas as I'm getting familiar with FreeRADIUS and Linux. I appreciate any input... Below is an output of the debug: Listening on authentication address * port 1812 Listening on accounting address * port 1813 Listening on command file /usr/local/var/run/radiusd/radiusd.sock Listening on proxy address * port 1814 Ready to process requests. rad_recv: Access-Request packet from host 192.168.213.254 port 1645, id=13, length=85 NAS-IP-Address = 192.168.213.254 NAS-Port = 1 NAS-Port-Type = Virtual User-Name = edwinadmin Calling-Station-Id = 192.168.213.207 User-Password = Teddy133 +- entering group authorize {...} ++[preprocess] returns ok ++[digest] returns noop [suffix] No '@' in User-Name = edwinadmin, looking up realm NULL [suffix] No such realm NULL ++[suffix] returns noop [ntdomain] No '\' in User-Name = edwinadmin, looking up realm NULL [ntdomain] No such realm NULL ++[ntdomain] returns noop [eap] No EAP-Message, not doing EAP ++[eap] returns noop ++[unix] returns notfound ++[files] returns noop [ldap] performing user authorization for edwinadmin [ldap] expand: ((objectCategory=user)(samaccountname=%{user-name})(memberOf=cn=MIS-NetworkAdmins-All,OU=Security Groups,OU=MIS Admin,DC=EIDEV,DC=COM)) - ((objectCategory=user)(samaccountname=edwinadmin)(memberOf=cn=MIS-NetworkAdmins-All,OU=Security Groups,OU=MIS Admin,DC=EIDEV,DC=COM)) [ldap] expand: dc=eidev,dc=com - dc=eidev,dc=com rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: attempting LDAP reconnection rlm_ldap: (re)connect to eidev-dc6.eidev.com:389, authentication 0 rlm_ldap: bind as eidev\radius/N3tw0rkd3^ to eidev-dc6.eidev.com:389 rlm_ldap: waiting for bind result ... rlm_ldap: Bind was successful rlm_ldap: performing search in dc=eidev,dc=com, with filter ((objectCategory=user)(samaccountname=edwinadmin)(memberOf=cn=MIS-NetworkAdmins-All,OU=Security Groups,OU=MIS Admin,DC=EIDEV,DC=COM)) rlm_ldap: ldap_search() failed: Operations error [ldap] search failed rlm_ldap: ldap_release_conn: Release Id: 0 ++[ldap] returns fail Invalid user: [edwinadmin] (from client EIDEV LAB port 1 cli 192.168.213.207) Using Post-Auth-Type Reject +- entering group REJECT {...} [attr_filter.access_reject] expand: %{User-Name} - edwinadmin attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Delaying reject of request 0 for 1 seconds Going to the next request Waking up in 0.9 seconds. Sending delayed reject for request 0 Sending Access-Reject of id 13 to 192.168.213.254 port 1645 Waking up in 4.9 seconds. Cleaning up request 0 ID 13 with timestamp +50 Ready to process requests. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Windows Authentication Failing After Changing IP
Edwin Isada wrote: .. rlm_ldap: performing search in dc=eidev,dc=com, with filter ((objectCategory=user)(samaccountname=edwinadmin)(memberOf=cn=MIS-NetworkAdmins-All,OU=Security Groups,OU=MIS Admin,DC=EIDEV,DC=COM)) rlm_ldap: ldap_search() failed: Operations error In 2.1.8, read raddb/modules/ldap, and look for operations error. In older versions... upgrade. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html