FreeRadius and AD Integration - Sync issue

Hello,

we are working on a project to integrate FreeRadius + multiOTP with Active Directory.
Everything seems to work well (e.g., connection and so on), but the sync process does not sync any user.

My Linux distribution is Debian 9 64-bit, and below you can see all the software versions:

# php --version
PHP 7.0.19-1 (cli) (built: May 11 2017 14:04:47) ( NTS )
Copyright (c) 1997-2017 The PHP Group
Zend Engine v3.0.0, Copyright (c) 1998-2017 Zend Technologies
    with Zend OPcache v7.0.19-1, Copyright (c) 1999-2017, by Zend Technologies

# multiotp -version
LOG 2017-12-21 15:26:15 debug Debug Debug: *parameter(s) received: -version
multiOTP 5.0.4.8 (2017-06-06) [CLI]
19 *INFO: Requested operation successfully done

# freeradius -v
radiusd: FreeRADIUS Version 3.0.12, for host x86_64-pc-linux-gnu, built on Aug 10 2017 at 07:05:06
FreeRADIUS Version 3.0.12


Specifically, the configuration is the following:

# multiotp -config default-request-prefix-pin=1
# multiotp -config default-request-ldap-pwd=1
# multiotp -config ldap-server-type=1
# multiotp -config ldap-cn-identifier="sAMAccountName"
# multiotp -config ldap-group-cn-identifier="sAMAccountName"
# multiotp -config ldap-group-attribute="memberOf"
# multiotp -config ldap-ssl=0
# multiotp -config ldap-port=389
# multiotp -config ldap-domain-controllers="example.com"
# multiotp -config ldap-base-dn="DC=example,DC=com"
# multiotp -config ldap-bind-dn="CN=freeradius,OU=Test,DC=example,DC=com"
# multiotp -config ldap-server-password="passwordhere"
# multiotp -config ldap-in-group="LinuxTestGroup"
# multiotp -config ldap-network-timeout=10
# multiotp -config ldap-time-limit=30
# multiotp -config ldap-activated=1

--> Of course LinuxTestGroup contains some testing users, such as foobar.

Below we show the output of the check/sync commands:

# multiotp -debug -display-log -ldap-check
LOG 2017-12-21 15:59:24 debug Debug Debug: *parameter(s) received: -debug -display-log -ldap-check
19 *INFO: Requested operation successfully done

# multiotp -ldap-user-info foobar
LOG 2017-12-21 15:59:51 debug Debug Debug: *parameter(s) received: -debug -display-log -ldap-user-info foobar
LOG 2017-12-21 15:59:51 debug System Debug: *LDAP cache folder value: /tmp/.ldap_cache/
LOG 2017-12-21 15:59:51 debug Debug Debug: *AD/LDAP connection defined
LOG 2017-12-21 15:59:51 debug Debug Debug: *AD/LDAP GetLdapUsersInfoArray processing
LOG 2017-12-21 15:59:51 debug Debug Debug: *AD/LDAP server is Microsoft AD
LOG 2017-12-21 15:59:51 debug Debug Debug: *AD/LDAP GetLdapUsersInfoArray done ()
19 *INFO: Requested operation successfully done

--> No user info here!!!

# multiotp -ldap-users-list
LOG 2017-12-21 16:02:08 debug Debug Debug: *parameter(s) received: -ldap-users-list
LOG 2017-12-21 16:02:08 debug System Debug: *LDAP cache folder value: /tmp/.ldap_cache/
39 *ERROR: Requested operation aborted
LOG 2017-12-21 16:02:08 debug Debug Debug: *Attributes sent to the RADIUS server: Reply-Message := "ERROR: Requested operation aborted"
Reply-Message := "ERROR: Requested operation aborted"

--> Error Code 39 here!!!

# multiotp -ldap-users-sync
LOG 2017-12-21 16:03:01 debug Debug Debug: *parameter(s) received: -ldap-users-sync
LOG 2017-12-21 16:03:01 debug LDAP Debug: *AD/LDAP synchronization started at 16:03:01 / Memory used: 8.4MB / Peak: 20.1MB
LOG 2017-12-21 16:03:01 info LDAP Info: AD/LDAP synchronization started
LOG 2017-12-21 16:03:01 debug System Debug: *LDAP cache folder value: /tmp/.ldap_cache/
PHP Warning: ldap_control_paged_result_response(): Result is: Referral (10) in /opt/multiOTP/linux/multiotp.php on line 56
PHP Warning: ldap_control_paged_result_response(): Result is: Referral (10) in /opt/multiOTP/linux/multiotp.php on line 56
PHP Warning: ldap_control_paged_result_response(): Result is: Referral (10) in /opt/multiOTP/linux/multiotp.php on line 4
LOG 2017-12-21 16:03:01 info LDAP Info: No update for the 0 LDAP synced users, based on 1 LDAP entries (processed in 00:00:00)
19 *INFO: Requested operation successfully done

--> Some warnings, but successfully done... Anyway, no synced users!

What's the issue?

Thanks,
Francesco
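
Before touching the multiOTP users database, a practitioner would want to confirm that the bind DN from the configuration above can actually see foobar and LinuxTestGroup through the kind of search a sync pass performs. The following is an added PHP diagnostic, not multiOTP's own code; it reuses the values from the post (server, base DN, bind DN, sAMAccountName, memberOf), keeps the placeholder password, assumes the php-ldap extension and a reachable domain controller, and turns off referral chasing, which is what the Referral (10) warnings from ldap_control_paged_result_response() point to when the domain root of an AD is searched on port 389. The paged-result functions are the PHP 7.0 ones matching the post's PHP version.

```php
<?php
// Added diagnostic (not multiOTP code): replay the AD lookups a sync pass needs,
// using the values from the post. The password is the post's placeholder.
$host   = 'example.com';
$port   = 389;
$bindDn = 'CN=freeradius,OU=Test,DC=example,DC=com';
$bindPw = 'passwordhere';           // placeholder, as in the post
$baseDn = 'DC=example,DC=com';
$group  = 'LinuxTestGroup';         // ldap-in-group
$user   = 'foobar';                 // a user expected to be in the group

$ldap = ldap_connect($host, $port) or die("ldap_connect failed\n");
ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
// AD answers a search of the domain root with referrals to its other naming
// contexts; chasing them is what makes the paged-result control fail (10).
ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);
if (!@ldap_bind($ldap, $bindDn, $bindPw)) {
    die('bind failed: ' . ldap_error($ldap) . "\n");
}

// 1. Resolve the group DN by sAMAccountName (ldap-group-cn-identifier).
$esc = ldap_escape($group, '', LDAP_ESCAPE_FILTER);
$res = ldap_search($ldap, $baseDn, "(&(objectClass=group)(sAMAccountName=$esc))", ['cn']);
$e   = ldap_get_entries($ldap, $res);
if ($e['count'] !== 1) {
    die("group $group not found (count={$e['count']})\n");
}
$groupDn = $e[0]['dn'];
echo "group DN: $groupDn\n";

// 2. Page through every user whose memberOf (ldap-group-attribute) holds that
//    DN, 500 entries per page, the way a full sync would.
$filter = '(&(objectCategory=person)(objectClass=user)(memberOf='
        . ldap_escape($groupDn, '', LDAP_ESCAPE_FILTER) . '))';
$cookie = '';
$found  = [];
do {
    ldap_control_paged_result($ldap, 500, true, $cookie);
    $res = ldap_search($ldap, $baseDn, $filter, ['sAMAccountName']);
    foreach (ldap_get_entries($ldap, $res) as $k => $entry) {
        if ($k === 'count') continue;            // skip the entry counter
        $found[] = $entry['samaccountname'][0];  // attribute keys are lowercased
    }
    ldap_control_paged_result_response($ldap, $res, $cookie);
} while ($cookie !== null && $cookie !== '');

printf("%d member(s) of %s: %s\n", count($found), $group, implode(', ', $found));
echo in_array($user, $found, true) ? "$user is in the group\n" : "$user is NOT in the group\n";
```

Note that memberOf never lists a user's primary group, so a user who belongs to the group only through primaryGroupID will not be found by this search or by any attribute-based sync.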

Comments

  • Hello, can you please send us an email at support@multiotp.net with your details and we will contact you by phone to organize a remote session to check the process. Best regards
  • You need to delete the files inside the /multiotp/users database and resync again, and it will work.
  • Hello, thanks for your feedback. We close the case. Probably a file authorization issue.
    Regards
This discussion has been closed.