Active Directory Users

Mohammad Abohelal admin at omail.co.il
Fri Aug 18 00:43:44 CEST 2006


No LDAP? Why? Active Directory services are based on LDAP.

 

Sorry, I don't understand why... :-)

 

________________________________

From: freeradius-users-bounces+admin=omail.co.il at lists.freeradius.org [mailto:freeradius-users-bounces+admin=omail.co.il at lists.freeradius.org] On Behalf Of Domingo Antonio
Sent: Thursday, August 17, 2006 9:58 PM
To: 'FreeRadius users mailing list'
Subject: RE: Active Directory Users

 

No LDAP.

You need to use NTLM authentication.

 

 

You need to configure Samba in ADS security mode, join Samba to AD and start the winbind service.

 

 

 

________________________________

From: freeradius-users-bounces+domingo=netcomp.com.br at lists.freeradius.org [mailto:freeradius-users-bounces+domingo=netcomp.com.br at lists.freeradius.org] On Behalf Of Mohammad Abohelal
Sent: Thursday, 17 August 2006 17:45
To: freeradius-users at lists.freeradius.org
Subject: Active Directory Users

Hi all

 

I need help with a simple configuration to authenticate Windows Active Directory users via FreeRADIUS.

 

I have a domain controller, a Cisco VPDN router, and FreeRADIUS in a UNIX environment (FreeBSD).

 

Active Directory group: VPDN; the user accounts have the "allow dial-in" option set.

 

radiusd.conf ldap configuration:

 

      ldap {
            server = "ad.xxx.yyy"
            identity = "CN=radiusd,OU=External_Object,DC=xxxl,DC=yyy"
            password = radiusd111
            basedn = "OU=VPDN_USERS,OU=External_Object,DC=xxx,DC=yyy"
            filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
            base_filter = "(objectclass=radiusprofile)"
      }

When I try to connect via the L2TP dialer I get the error "auth: Failed to validate the user":

 

 

modcall: leaving group authorize (returns ok) for request 0
  rad_check_password:  Found Auth-Type LDAP
auth: type "LDAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group LDAP for request 0
rlm_ldap: - authenticate
rlm_ldap: login attempt by "vpdn1" with password "xxxx"
radius_xlat:  '(uid=vpdn1)'
radius_xlat:  'OU=VPDN_USERS,OU=External_Object,DC=xxxl,DC=yyy'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to ad.xxx.yyy:389, authentication 0
rlm_ldap: bind as CN=radiusd,OU=External_Object,DC=xxx,DC=yyy/radiusd111 to ad.xxx.yyy:389
rlm_ldap: waiting for bind result ...
rlm_ldap: Bind was successful
rlm_ldap: performing search in OU=VPDN_USERS,OU=External_Object,DC=xxx,DC=yyy, with filter (uid=vpdn1)
rlm_ldap: object not found or got ambiguous search result
rlm_ldap: ldap_release_conn: Release Id: 0
  modcall[authenticate]: module "ldap" returns notfound for request 0
modcall: leaving group LDAP (returns notfound) for request 0
auth: Failed to validate the user.
Login incorrect (rlm_ldap: User not found): [vpdn1/xxxx] (from client wan-gw1 port 25)
Delaying request 0 for 1 seconds
Finished request 0
Going to the next request
Thread 1 waiting to be assigned a request
rad_recv: Access-Request packet from host 194.90.143.73:1645, id=20, length=102
Sending Access-Reject of id 20 to 194.90.143.73 port 1645
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 20 with timestamp 44e4c472
Nothing to do.  Sleeping until we see a request.

 

 

Thank you 

 

Mohammad 
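Editor's added example, not code from either poster: the setup Domingo's reply describes (Samba in ADS security mode, join the domain, start winbind) carried through on a FreeBSD box, plus the FreeRADIUS side that uses it. Two facts frame it. The search in the debug log fails because Active Directory does not populate uid; the logon name lives in sAMAccountName. Even a matching object would not fix an L2TP dialer doing MS-CHAP, because AD never hands out the password or its hash over LDAP, so rlm_ldap has nothing to compare against; rlm_mschap can instead pass the challenge/response to Samba's ntlm_auth, which has winbindd validate it against the DC. Assumptions in the script: Kerberos realm XXX.YYY with NetBIOS name XXX (matching the post's obfuscated DC=xxx,DC=yyy), Samba 3 from the FreeBSD port (config in /usr/local/etc, rc script /usr/local/etc/rc.d/samba, rc.conf knob winbindd_enable), FreeRADIUS 1.x whose rlm_mschap has the "ntlm_auth" directive, and a /etc/krb5.conf that already resolves the realm. The function names and the script name radius-ad.sh are mine.

```shell
#!/bin/sh
# Added example, not from the thread: FreeRADIUS -> Samba/winbind -> AD on FreeBSD.
# Assumptions: realm XXX.YYY / NetBIOS domain XXX, Samba 3 from the FreeBSD port
# (config in /usr/local/etc, rc script /usr/local/etc/rc.d/samba), FreeRADIUS 1.x
# with rlm_mschap's "ntlm_auth" directive, and a working /etc/krb5.conf.
set -eu

REALM="XXX.YYY"                           # assumed Kerberos realm (upper case)
WORKGROUP="XXX"                           # assumed NetBIOS domain name
SMB_CONF="${SMB_CONF:-/usr/local/etc/smb.conf}"
NTLM_AUTH="/usr/local/bin/ntlm_auth"
DIALIN_GROUP="$WORKGROUP\\VPDN"           # the AD group the post limits VPDN to

# 1. Samba as a domain member in "ADS" security mode (what the reply calls for).
write_smb_conf() {
    cat > "$1" <<EOF
[global]
    workgroup = $WORKGROUP
    realm = $REALM
    security = ads
    encrypt passwords = yes
    winbind use default domain = yes
    idmap uid = 10000-20000
    idmap gid = 10000-20000
EOF
}

# 2. Join the domain and start winbindd; "wbinfo -t" checks the machine trust.
join_domain() {
    net ads join -U Administrator             # prompts for the domain admin password
    echo 'winbindd_enable="YES"' >> /etc/rc.conf
    /usr/local/etc/rc.d/samba start
    wbinfo -t
}

# 3. radiusd.conf fragment: rlm_mschap hands the MS-CHAP challenge/response to
#    ntlm_auth instead of trying to read a password AD will never return over LDAP.
radiusd_mschap_snippet() {
    cat <<EOF
mschap {
    with_ntdomain_hack = yes
    ntlm_auth = "$NTLM_AUTH --request-nt-key --username=%{mschap:User-Name:-None} --domain=%{mschap:NT-Domain:-$WORKGROUP} --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}"
}
EOF
}

# 4. Read ntlm_auth's reply the way rlm_mschap does: output starting with
#    "NT_KEY:" is an accept, an NT_STATUS_* line is a reject.
#    Exit status 0 = accept, 1 = reject.
ntlm_auth_verdict() {
    case "$1" in
        NT_KEY:*) return 0 ;;
        *)        return 1 ;;
    esac
}

# 5. Live probe with a plaintext password before touching FreeRADIUS. The
#    membership check keeps the post's "VPDN group only" rule, which the
#    LDAP basedn used to carry.
probe_user() {   # usage: probe_user vpdn1 'secret'
    out=$("$NTLM_AUTH" --request-nt-key --domain="$WORKGROUP" \
            --username="$1" --password="$2" \
            --require-membership-of="$DIALIN_GROUP" 2>&1) || true
    ntlm_auth_verdict "$out"
}

# "sh radius-ad.sh install" performs the setup; with no argument only the
# functions are defined, so the helpers can be exercised without a domain.
if [ "${1:-}" = install ]; then
    write_smb_conf "$SMB_CONF"
    join_domain
    radiusd_mschap_snippet
fi
```

Two checks a practitioner would do before blaming FreeRADIUS: run probe_user by hand as the radiusd user, and if it fails while the same command works as root, the cause is almost always that ntlm_auth could not reach winbindd's privileged pipe; put the radiusd user in the group that owns Samba's winbindd_privileged directory (/var/db/samba/winbindd_privileged on the FreeBSD port, path assumed). And keep in mind that once authentication moves to ntlm_auth, nothing checks the "allow dial-in" flag any more unless you enforce group membership as the probe does, or keep rlm_ldap in authorize for that purpose only.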

 

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20060818/86ded88e/attachment.html>

