Problem with LDAP queries

Problem with LDAP queries

edsonLuis
I currently have a freeradius + LDAP server, I'm having a big problem, authentication works inconsistently, even for valid users with correct credentials, there are times when the user authenticates and at times not, the error is displayed:
(11) ldap: ERROR: Bind with uid = test, or = wifi, dc = test, dc = org to ldap: //X.X.X.X failed: Other (e.g., implementation specific) error
(11) ldap: ERROR: Server said: Failure authenticating with password.

The curious thing is that the problem only occurs in the authentication phase, I captured and analyzed the traffic of queries and strangely the information goes incorrect, it uses information from another user (one of the last connections), mixing everything, I think this is the problem, but I don't know what is causing it.



* information like server DN and IP has been modified
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Problem with LDAP queries

Ibrahim AKSIT
Hello dear there, could you please check the time zone, date and time on both
the FreeRadius server and the LDAP server?
It might be a date/time issue. You may set them both manually or use the NTP
service. After that you can check the logs and see what is going on.
I hope that is going to work for you.
Good luck

On 8 Sep 2019 Sun at 01:00 edson luiz <[hidden email]> wrote:

> I currently have a freeradius + LDAP server, I'm having a big problem,
> authentication works inconsistently, even for valid users with correct
> credentials, there are times when the user authenticates and at times not,
> the error is displayed:
> (11) ldap: ERROR: Bind with uid = test, or = wifi, dc = test, dc = org to
> ldap: //X.X.X.X failed: Other (e.g., implementation specific) error
> (11) ldap: ERROR: Server said: Failure authenticating with password.
>
> The curious thing is that the problem only occurs in the authentication
> phase, I captured and analyzed the traffic of queries and strangely the
> information goes incorrect, it uses information from another user (one of
> the last connections), mixing everything, I think this is the problem, but
> I don't know what is causing it.
>
>
>
> * information like server DN and IP has been modified
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html

--

İbrahim AKŞİT

Best Regards and Wishes
Yours Sincerely.

RE: Problem with LDAP queries

edsonLuis
I adjusted the timezone on both, but the error persists. What more can I try? I'm using version 3.0.16, but I tried 3.0.19 and also got the error. What may be misaligning the queries in the authorization section?
________________________________
From: Freeradius-Users <freeradius-users-bounces+xxicx=[hidden email]> on behalf of Ibrahim AKSIT <[hidden email]>
Sent: Sunday, 8 September 2019 17:49
To: FreeRadius users mailing list <[hidden email]>
Subject: Re: Problem with LDAP queries

Hello dear there, could you please check the time zone, date and time on both
the FreeRadius server and the LDAP server?
It might be a date/time issue. You may set them both manually or use the NTP
service. After that you can check the logs and see what is going on.
I hope that is going to work for you.
Good luck

On 8 Sep 2019 Sun at 01:00 edson luiz <[hidden email]> wrote:

> I currently have a freeradius + LDAP server, I'm having a big problem,
> authentication works inconsistently, even for valid users with correct
> credentials, there are times when the user authenticates and at times not,
> the error is displayed:
> (11) ldap: ERROR: Bind with uid = test, or = wifi, dc = test, dc = org to
> ldap: //X.X.X.X failed: Other (e.g., implementation specific) error
> (11) ldap: ERROR: Server said: Failure authenticating with password.
>
> The curious thing is that the problem only occurs in the authentication
> phase, I captured and analyzed the traffic of queries and strangely the
> information goes incorrect, it uses information from another user (one of
> the last connections), mixing everything, I think this is the problem, but
> I don't know what is causing it.
>
>
>
> * information like server DN and IP has been modified
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html

--

İbrahim AKŞİT

Best Regards and Wishes
Yours Sincerely.

Re: Problem with LDAP queries

Alan DeKok-2
On Sep 7, 2019, at 5:57 PM, edson luiz <[hidden email]> wrote:
>
> I currently have a freeradius + LDAP server, I'm having a big problem, authentication works inconsistently, even for valid users with correct credentials, there are times when the user authenticates and at times not, the error is displayed:
> (11) ldap: ERROR: Bind with uid = test, or = wifi, dc = test, dc = org to ldap: //X.X.X.X failed: Other (e.g., implementation specific) error

  That's unhelpful.  This error comes directly from LDAP, so there isn't much that we can do about it.

> (11) ldap: ERROR: Server said: Failure authenticating with password.
>
> The curious thing is that the problem only occurs in the authentication phase, I captured and analyzed the traffic of queries and strangely the information goes incorrect, it uses information from another user (one of the last connections), mixing everything, I think this is the problem, but I don't know what is causing it.

  The server doesn't do that.  For the simple reason that each request is processed in isolation.  There's no way for one request to get the information of another request.

  LDAP connections are re-used for performance, but that can't cause this issue.  The LDAP connections *only* do queries using the admin name/password supplied in the configuration.  If FreeRADIUS does a "bind as user" with a connection, then it closes the connection.  This prevents cross-contamination of user credentials.

  But one connection *will* do queries for multiple users.  That's by design, and it's documented as doing that.

  If you really want to see what's going on, then post the debug output.

  Alan DeKok.
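
Added example, not part of the thread and not FreeRADIUS code: one way to test from debug output whether any request attempted a bind with a DN belonging to a different user is to group lines by the request number in parentheses and compare the bind DN's uid with that request's User-Name. The sample lines are constructed; the bind line follows the error format quoted in the thread, and the `User-Name = "..."` line format is an assumption about the debug output.

```python
import re
from collections import defaultdict

# Constructed sample lines (not from the thread). Request 11 shows the bind DN
# both in normal form and with the spacing seen in the poster's edited log.
SAMPLE_DEBUG = """\
(10)   User-Name = "alice"
(10) ldap: ERROR: Bind with uid=alice,ou=wifi,dc=example,dc=org to ldap://192.0.2.5 failed: Other (e.g., implementation specific) error
(11)   User-Name = "test"
(11) ldap: ERROR: Bind with uid = alice, ou = wifi, dc = example, dc = org to ldap: //192.0.2.5 failed: Other (e.g., implementation specific) error
(11) ldap: ERROR: Server said: Failure authenticating with password.
(12)   User-Name = "bob"
"""

LINE = re.compile(r'^\((?P<req>\d+)\)\s+(?P<body>.*)$')      # "(11) <rest>"
USER = re.compile(r'^User-Name\s*=\s*"(?P<user>[^"]*)"')      # assumed format
BIND = re.compile(r'Bind with (?P<dn>.+?) to ldap')           # format quoted in the thread
UID = re.compile(r'^\s*uid\s*=\s*(?P<uid>[^,]+)', re.I)      # first RDN of the DN


def parse_requests(text):
    """Group debug lines by request number; record User-Name and bind uids."""
    reqs = defaultdict(lambda: {"user": None, "bind_uids": []})
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        req, body = int(m["req"]), m["body"]
        if (u := USER.match(body)) and reqs[req]["user"] is None:
            reqs[req]["user"] = u["user"]
        if b := BIND.search(body):
            uid = UID.match(b["dn"])
            # Fall back to the whole DN when it does not start with uid=
            reqs[req]["bind_uids"].append(uid["uid"].strip() if uid else b["dn"])
    return dict(reqs)


def mismatched_binds(text):
    """Return (request, User-Name, bind uid) where the two identities differ."""
    out = []
    for req, info in sorted(parse_requests(text).items()):
        for uid in info["bind_uids"]:
            if info["user"] is not None and uid.lower() != info["user"].lower():
                out.append((req, info["user"], uid))
    return out


if __name__ == "__main__":
    for req, user, uid in mismatched_binds(SAMPLE_DEBUG):
        print(f"request {req}: User-Name={user!r} but bind DN uid={uid!r}")
```

An empty result on real debug output means every bind used the DN of the user in the same request, which points the investigation away from the RADIUS server and toward the LDAP side or the capture itself.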

