Problems freeradius and samba4

Iliya Peregoudov iperegudov at cboss.ru
Thu Jun 13 09:37:09 CEST 2013


On 12.06.2013 4:19, ricardobarbosams wrote:
>
> No my filter is
>
> filter = "(&(objectClass=user)(sAMAccountName=%{User-Name}))"

I do not talk about filter, I do talk about binding to the directory. 
Your ldapsearch binds to the directory using one user and your radiusd 
binds to directory as another user. These users can have different 
authorization levels in the directory server. Directory may allow to 
retrieve objects to user2 at batlab.corp user but disallow it to 
CN=freeradius,OU=noc,OU=batlab,DC=batlab,DC=corp user.

Configure radiusd to use the user2 at batlab.corp user to bind to the 
directory and you'll get same results as with ldapsearch.


More information about the Freeradius-Users mailing list