FreeRadius cannot Authenticate to Windows AD

Michael Calizo mike.calizo at gmail.com
Mon Dec 19 03:34:11 CET 2005


Hi Alhagie,

Below is my ldapsearch result, which shows that it can connect to MSAD.
But when I configure the LDAP part of my radiusd.conf as shown below,

ldap {
        server = "192.168.1.1"
        #identity = "cn=admin,o=My Org,c=UA"
        # password = mypass
        basedn = "CN=Person,DC=chikka,DC=ph"
        filter = "(SamAccountName=%{Stripped-User-Name:-%{User-Name}})"
        # base_filter = "(objectclass=radiusprofile)"

        start_tls = no
}

I STILL GET THIS ERROR BELOW WHEN I TRY TO USE RADTEST AS SHOWN BELOW:

radtest mike mike123 192.168.1.13:1812 1812 testing1234
Sending Access-Request of id 185 to 192.168.1.13:1812
        User-Name = "mike"
        User-Password = "mike123"
        NAS-IP-Address = repository.domain.com
        NAS-Port = 1812
rad_recv: Access-Reject packet from host 192.168.1.13:1812, id=185,
length=20

RADIUSD LOG:

rlm_ldap: login attempt by "mike" with password "mike123"
radius_xlat:  '(SamAccountName=mike)'
radius_xlat:  'CN=Person,DC=chikka,DC=ph'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to 192.168.1.1:389, authentication 0
rlm_ldap: bind as / to 192.168.1.1:389
rlm_ldap: waiting for bind result ...
rlm_ldap: Bind was successful
rlm_ldap: performing search in CN=Person,DC=chikka,DC=ph, with filter
(SamAccountName=mike)
rlm_ldap: ldap_search() failed: Operations error
rlm_ldap: ldap_release_conn: Release Id: 0
  modcall[authenticate]: module "ldap" returns fail for request 0
modcall: group Auth-Type returns fail for request 0
auth: Failed to validate the user.
Delaying request 0 for 1 seconds
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 185 to 192.168.1.13:37977
Waking up in 4 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 185 with timestamp 43a61b6c
Nothing to do.  Sleeping until we see a request.


LDAPSEARCH RESULT

[root at repository ~]# ldapsearch -LLL -h 192.168.1.1 -x -b 'dc=domain,dc=com'
'(samaccountname=mike)' -D mike -w mike123
dn: CN=mike,CN=Users,DC=domain,DC=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: mike
givenName: mike
distinguishedName: CN=mike,CN=Users,DC=domain,DC=com
instanceType: 4
whenCreated: 20050616031658.0Z
whenChanged: 20051201135642.0Z
displayName: mike
uSNCreated: 11557650
memberOf: CN=svnusers,CN=Users,DC=domain,DC=com
memberOf: CN=noc,CN=Users,DC=domain,DC=com
memberOf: CN=QA,CN=Users,DC=domain,DC=com
uSNChanged: 12322817
name: mike
objectGUID:: vSHdzG0AG02jW9AZzurvqQ==
userAccountControl: 66048
badPwdCount: 2
codePage: 0
countryCode: 0
badPasswordTime: 127792025390218068
lastLogoff: 0
lastLogon: 127758129860897359
pwdLastSet: 127779190022698471
primaryGroupID: 513
objectSid:: AQUAAAAAAAUVAAAAc+SiCBWZJKtAqKm9ZQUAAA==
accountExpires: 9223372036854775807
logonCount: 0
sAMAccountName: mike
sAMAccountType: 805306368
userPrincipalName: mike at domain.com
lockoutTime: 0
objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=domain,DC=com

# refldap://ForestDnsZones.domain.com/DC=ForestDnsZones,DC=domain,DC=com

# refldap://DomainDnsZones.domain/DC=DomainDnsZones,DC=doamin,DC=com

# refldap://chikka.ph/CN=Configuration,DC=doamin,DC=com


Thanks in advance,



--
Mike Calizo
Registered Linux User # 365113

_________________________________________________
Even the longest journey has to start with a small first-step
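Editor's note, added here and not part of Mike's message: the debug log line "rlm_ldap: bind as / to 192.168.1.1:389" shows an anonymous bind (identity and password are commented out), and Active Directory answers a search on an unauthenticated connection with "Operations error"; the ldapsearch that worked bound as a user and searched from the domain root, where the user actually lives (CN=mike,CN=Users,...). The block below shows the posted ldap section beside a corrected one; the service-account DN, its password and the TLS setting are placeholders and assumptions, and the two domain spellings on the page (DC=chikka,DC=ph vs DC=domain,DC=com) should be replaced by the real one.

```conf
# Posted configuration (fails): no identity/password, so rlm_ldap binds
# anonymously, and basedn names a schema class rather than a container
# that holds user objects.
ldap {
        server = "192.168.1.1"
        #identity = "cn=admin,o=My Org,c=UA"
        # password = mypass
        basedn = "CN=Person,DC=chikka,DC=ph"
        filter = "(SamAccountName=%{Stripped-User-Name:-%{User-Name}})"
        start_tls = no
}

# Corrected configuration (added example; values in <...> are placeholders)
ldap {
        server = "192.168.1.1"
        # AD requires an authenticated bind before it will service a search.
        # Use a dedicated read-only service account with no other rights,
        # never a person's own credentials.
        identity = "CN=<radius-svc>,CN=Users,DC=domain,DC=com"
        password = "<service-account-password>"
        # Search from the container that actually holds the user objects
        # (ldapsearch returned CN=mike,CN=Users,DC=domain,DC=com). A
        # narrower base also avoids the partition referrals (refldap://...)
        # that the search from the domain root returned.
        basedn = "CN=Users,DC=domain,DC=com"
        filter = "(sAMAccountName=%{Stripped-User-Name:-%{User-Name}})"
        # Simple binds send the service-account password and every
        # authenticating user's password in clear text on port 389;
        # enable TLS (assumes the DC presents a certificate the server trusts).
        start_tls = yes
}
```

After the change, the debug log should show a bind as the service-account DN instead of "bind as /", and the search should return the user entry rather than "Operations error".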