rlm_ldap: ldap_search() failed: Operations error - advice please
Freeradius 1.1.3 installed via YUM on Fedora (not suse :P) radiusd.conf: http://pastebin.ca/447690 radiusd -X -A output: http://pastebin.ca/447693 domain: tfxschool.internal ADS: tfxschoolfs01.tfxschool.internal Hi again people, I have been pouring through the oreillys LDAP book (quite informative so far to btw). I got the example of using freeradius against the linux passwd file working fine. I tried their Freeradius and OpenLDAP (now I know ADS isnt OpenLDAP btw) and it fails with the following message: rlm_ldap: ldap_search() failed: Operations error Oriellys one reccomended for OpenLDAP (errors, possibly due to incorrect syntax ?): filter = ((objectclass=posixAccount)(uid=%{Stripped-User-Name:-%{User-Name}})) Default filter (Fails with same search error): filter = (uid=%{Stripped-User-Name:-%{User-Name}}) Im wondering if it is perhaps my basedn ?, Im still getting used to the idea of them, the user jacob (me) resides in the ou people FYI. basedn = ou=people,dc=tfxschool,dc=internal Thats all my info atm, Im currently compiling a 1.1.6 rpm (after Alan resolving my silly little mistake) and will test then report back as I feel its more likely a config error than a bug :) If some1 else has a working radius setup that auths againts AD using LDAP would they mind sending me the ldap { } section, would be very handy to compare my config to a working one. Thanks all, keep up the good work. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: rlm_ldap: ldap_search() failed: Operations error - advice please
Jacob Jarick wrote: I have been pouring through the oreillys LDAP book (quite informative so far to btw). I got the example of using freeradius against the linux passwd file working fine. I tried their Freeradius and OpenLDAP (now I know ADS isnt OpenLDAP btw) and it fails with the following message: rlm_ldap: ldap_search() failed: Operations error That's an internal LDAP error saying something went wrong, and it can't be more specific than that. I'm not sure what to suggest. If some1 else has a working radius setup that auths againts AD using LDAP would they mind sending me the ldap { } section, would be very handy to compare my config to a working one. Google is your friend: freeradius ldap active directory http://lists.cistron.nl/pipermail/freeradius-users/2004-August/035046.html Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: rlm_ldap: ldap_search() failed: Operations error - advice please
After more research yet again (google/ oriellys/ FR mailing list archives) I think its one of these 2 scenarios. 1 - Anonymous Searches in Active Directory isnt working 2 - When I set: # identity = cn=root,o=tfxschool,c=AU # password = pass the password should be encrypted. I have tried slappasswd but to no avail. oreillys showed me the anonymous way (which fails quite possibly due to win2k3 permissions) and the gentoo 1 actually shows u how to enable Anonymous Searches in Active Directory on windows 2000. So yes, def ldap atm not FR. I will post a seperate request asking about FR + win2k3 Allowing Anonymous Searches in Active Directory. Gentoo howto: http://gentoo-wiki.com/HOWTO_Adding_a_Samba_Server_into_an_existing_AD_Domain On 4/19/07, Alan DeKok [EMAIL PROTECTED] wrote: Jacob Jarick wrote: I have been pouring through the oreillys LDAP book (quite informative so far to btw). I got the example of using freeradius against the linux passwd file working fine. I tried their Freeradius and OpenLDAP (now I know ADS isnt OpenLDAP btw) and it fails with the following message: rlm_ldap: ldap_search() failed: Operations error That's an internal LDAP error saying something went wrong, and it can't be more specific than that. I'm not sure what to suggest. If some1 else has a working radius setup that auths againts AD using LDAP would they mind sending me the ldap { } section, would be very handy to compare my config to a working one. Google is your friend: freeradius ldap active directory http://lists.cistron.nl/pipermail/freeradius-users/2004-August/035046.html Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html