FreeRadius and AD Integration - Sync issue
Hello,
we are working on a project to integrate FreeRadius + multiOTP with Active Directory.
Everything seems to work well (e.g., connection and so on), but the sync process does not sync any user.
My Linux distribution is Debian 9 64-bit, and below you can see all the software versions:
# php --version
PHP 7.0.19-1 (cli) (built: May 11 2017 14:04:47) ( NTS )
Copyright (c) 1997-2017 The PHP Group
Zend Engine v3.0.0, Copyright (c) 1998-2017 Zend Technologies
with Zend OPcache v7.0.19-1, Copyright (c) 1999-2017, by Zend Technologies
# multiotp -version
LOG 2017-12-21 15:26:15 debug Debug Debug: *parameter(s) received: -version
multiOTP 5.0.4.8 (2017-06-06) [CLI]
19 *INFO: Requested operation successfully done
# freeradius -v
radiusd: FreeRADIUS Version 3.0.12, for host x86_64-pc-linux-gnu, built on Aug 10 2017 at 07:05:06
FreeRADIUS Version 3.0.12
Specifically, the configuration is the following:
# multiotp -config default-request-prefix-pin=1
# multiotp -config default-request-ldap-pwd=1
# multiotp -config ldap-server-type=1
# multiotp -config ldap-cn-identifier="sAMAccountName"
# multiotp -config ldap-group-cn-identifier="sAMAccountName"
# multiotp -config ldap-group-attribute="memberOf"
# multiotp -config ldap-ssl=0
# multiotp -config ldap-port=389
# multiotp -config ldap-domain-controllers="example.com"
# multiotp -config ldap-base-dn="DC=example,DC=com"
# multiotp -config ldap-bind-dn="CN=freeradius,OU=Test,DC=example,DC=com"
# multiotp -config ldap-server-password="passwordhere"
# multiotp -config ldap-in-group="LinuxTestGroup"
# multiotp -config ldap-network-timeout=10
# multiotp -config ldap-time-limit=30
# multiotp -config ldap-activated=1
--> Of course LinuxTestGroup contains some testing users, such as foobar.
Below is the output of the check/sync commands:
# multiotp -debug -display-log -ldap-check
LOG 2017-12-21 15:59:24 debug Debug Debug: *parameter(s) received: -debug -display-log -ldap-check
19 *INFO: Requested operation successfully done
# multiotp -ldap-user-info foobar
LOG 2017-12-21 15:59:51 debug Debug Debug: *parameter(s) received: -debug -display-log -ldap-user-info foobar
LOG 2017-12-21 15:59:51 debug System Debug: *LDAP cache folder value: /tmp/.ldap_cache/
LOG 2017-12-21 15:59:51 debug Debug Debug: *AD/LDAP connection defined
LOG 2017-12-21 15:59:51 debug Debug Debug: *AD/LDAP GetLdapUsersInfoArray processing
LOG 2017-12-21 15:59:51 debug Debug Debug: *AD/LDAP server is Microsoft AD
LOG 2017-12-21 15:59:51 debug Debug Debug: *AD/LDAP GetLdapUsersInfoArray done ()
19 *INFO: Requested operation successfully done
--> No user info here!!!
# multiotp -ldap-users-list
LOG 2017-12-21 16:02:08 debug Debug Debug: *parameter(s) received: -ldap-users-list
LOG 2017-12-21 16:02:08 debug System Debug: *LDAP cache folder value: /tmp/.ldap_cache/
39 *ERROR: Requested operation aborted
LOG 2017-12-21 16:02:08 debug Debug Debug: *Attributes sent to the RADIUS server: Reply-Message := "ERROR: Requested operation aborted"
Reply-Message := "ERROR: Requested operation aborted"
--> Error Code 39 here!!!
# multiotp -ldap-users-sync
LOG 2017-12-21 16:03:01 debug Debug Debug: *parameter(s) received: -ldap-users-sync
LOG 2017-12-21 16:03:01 debug LDAP Debug: *AD/LDAP synchronization started at 16:03:01 / Memory used: 8.4MB / Peak: 20.1MB
LOG 2017-12-21 16:03:01 info LDAP Info: AD/LDAP synchronization started
LOG 2017-12-21 16:03:01 debug System Debug: *LDAP cache folder value: /tmp/.ldap_cache/
PHP Warning: ldap_control_paged_result_response(): Result is: Referral (10) in /opt/multiOTP/linux/multiotp.php on line 56
PHP Warning: ldap_control_paged_result_response(): Result is: Referral (10) in /opt/multiOTP/linux/multiotp.php on line 56
PHP Warning: ldap_control_paged_result_response(): Result is: Referral (10) in /opt/multiOTP/linux/multiotp.php on line 4
LOG 2017-12-21 16:03:01 info LDAP Info: No update for the 0 LDAP synced users, based on 1 LDAP entries (processed in 00:00:00)
19 *INFO: Requested operation successfully done
--> Some warnings, but successfully done... Anyway, no synced users!
What's the issue?
Thanks,
Francesco
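An added example, not multiOTP, FreeRADIUS or the poster's code: it reads the configuration dump shown in the post, flags the settings a security reviewer would question, and emits the OpenLDAP ldapsearch commands that reproduce the group lookup by hand so the AD side can be checked independently of multiOTP. It assumes the `multiotp -config key=value` syntax used in the post, that ldap-ssl=1 selects LDAPS (and 636 as its port), and standard Active Directory behaviour; the example.com values are copied from the post, and the (code, message) note format and the hardened_copy helper are this example's own.

```python
#!/usr/bin/env python3
"""Audit the multiOTP AD/LDAP settings from the post above and derive the
ldapsearch commands that reproduce its group lookup outside multiOTP.

Added example, not multiOTP or FreeRADIUS code. Assumes the
`multiotp -config key=value` syntax shown in the post, that ldap-ssl=1
selects LDAPS, and standard Active Directory behaviour; the ldapsearch
flags are those of the OpenLDAP client.
"""
import shlex

PREFIX = "multiotp -config "

# Constructed copy of the configuration dump from the post (example.com values).
POSTED_CONFIG = """
# multiotp -config default-request-prefix-pin=1
# multiotp -config default-request-ldap-pwd=1
# multiotp -config ldap-server-type=1
# multiotp -config ldap-cn-identifier="sAMAccountName"
# multiotp -config ldap-group-cn-identifier="sAMAccountName"
# multiotp -config ldap-group-attribute="memberOf"
# multiotp -config ldap-ssl=0
# multiotp -config ldap-port=389
# multiotp -config ldap-domain-controllers="example.com"
# multiotp -config ldap-base-dn="DC=example,DC=com"
# multiotp -config ldap-bind-dn="CN=freeradius,OU=Test,DC=example,DC=com"
# multiotp -config ldap-server-password="passwordhere"
# multiotp -config ldap-in-group="LinuxTestGroup"
# multiotp -config ldap-network-timeout=10
# multiotp -config ldap-time-limit=30
# multiotp -config ldap-activated=1
"""


def parse_config(text):
    """Turn `# multiotp -config key=value` lines into a dict, dropping the quotes."""
    cfg = {}
    for raw in text.splitlines():
        line = raw.strip().lstrip("#").strip()
        if line.startswith(PREFIX):
            key, sep, value = line[len(PREFIX):].partition("=")
            if sep:
                cfg[key.strip()] = value.strip().strip('"')
    return cfg


def escape_filter_value(value):
    """RFC 4515 escaping so a user-supplied name cannot alter the search filter."""
    table = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}
    return "".join(table.get(ch, ch) for ch in value)


def ldap_uri(cfg):
    scheme = "ldaps" if cfg.get("ldap-ssl") == "1" else "ldap"  # assumption: ldap-ssl=1 means LDAPS
    host = cfg["ldap-domain-controllers"].split(",")[0].strip()
    return f"{scheme}://{host}:{cfg['ldap-port']}"


def ldapsearch_cmd(cfg, search_filter, *attrs):
    """Simple bind as the configured account (-W prompts, so the password stays off the
    command line), paged like multiOTP's sync. ldapsearch prints continuation references
    instead of chasing them unless -C is given, which is what we want to see here."""
    argv = ["ldapsearch", "-LLL", "-o", "ldif-wrap=no", "-H", ldap_uri(cfg),
            "-D", cfg["ldap-bind-dn"], "-W", "-b", cfg["ldap-base-dn"],
            "-E", "pr=500/noprompt", search_filter, *attrs]
    return shlex.join(argv)


def group_lookup_cmd(cfg):
    """Step 1: memberOf holds full DNs, so resolve the group's DN from its name."""
    flt = "(&(objectClass=group)(%s=%s))" % (
        cfg["ldap-group-cn-identifier"], escape_filter_value(cfg["ldap-in-group"]))
    return ldapsearch_cmd(cfg, flt, "distinguishedName", "member")


def member_lookup_cmd(cfg, group_dn, user):
    """Step 2: the user as multiOTP would match it, restricted to that group DN."""
    flt = "(&(objectClass=user)(%s=%s)(%s=%s))" % (
        cfg["ldap-cn-identifier"], escape_filter_value(user),
        cfg["ldap-group-attribute"], escape_filter_value(group_dn))
    return ldapsearch_cmd(cfg, flt, cfg["ldap-cn-identifier"], cfg["ldap-group-attribute"])


def audit(cfg):
    """Security and sync notes as (code, message) pairs; empty list means nothing flagged."""
    notes = []
    if cfg.get("ldap-ssl") != "1":
        notes.append(("cleartext-bind", "ldap-ssl=0: the bind password and every synced "
                      "attribute cross the network unencrypted; use LDAPS (ldap-ssl=1, ldap-port=636)."))
    if "ldap-server-password" in cfg:
        notes.append(("password-on-cli", "the LDAP password was passed as a command-line "
                      "argument, so it sits in the shell history; clear it there."))
    if cfg.get("ldap-base-dn", "").upper().startswith("DC=") and cfg.get("ldap-port") not in ("3268", "3269"):
        notes.append(("referrals-expected", "a search rooted at the domain naming context returns "
                      "continuation references for DomainDnsZones/ForestDnsZones, which non-chasing "
                      "clients report as 'Referral (10)'; cross-check with the base DN narrowed to "
                      "the users' OU, or against the global catalog on port 3268."))
    if cfg.get("ldap-group-attribute", "").lower() == "memberof" and "=" not in cfg.get("ldap-in-group", ""):
        notes.append(("group-as-name", "memberOf holds full DNs while ldap-in-group is a bare name; "
                      "resolve the group DN first (group_lookup_cmd) before matching members by hand."))
    return notes


def hardened_copy(cfg):
    """The same settings with the transport fixed (assumes ldap-ssl=1 is LDAPS on 636)."""
    return dict(cfg, **{"ldap-ssl": "1", "ldap-port": "636"})


if __name__ == "__main__":
    cfg = parse_config(POSTED_CONFIG)
    for code, msg in audit(cfg):
        print(f"[{code}] {msg}")
    print(group_lookup_cmd(cfg))
    print(member_lookup_cmd(cfg, "<group DN from step 1>", "foobar"))
```

Run it as-is to see the notes and the two commands; the member lookup carries a placeholder until step 1 has returned the group's distinguishedName. The referral note describes a general property of searching the domain root on a domain controller, not a diagnosis of this thread: the point of the exercise is to compare what ldapsearch returns for the group and for foobar, bound as the same freeradius account, with the empty result multiotp -ldap-users-list reports.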
This discussion has been closed.