Problems freeradius and samba4

Roberto Ortega Ramiro roberto.ortega at esj.es
Fri Jun 14 09:40:58 CEST 2013


Hi, i'm starter here but, the user freeradius in your ldap must be able to
read user's passwords.

Try with administrator in /etc/raddb/modules/ldap and if it works, the user
freeradius won't has rigths for this.

By

El viernes, 14 de junio de 2013, ricardobarbosams escribió:

> Hi.
>
> Executing ldapsearch with user freeradius
>
> root at maxwell:~# ldapsearch -LLL -x -h 192.168.0.4 -b "dc=batlab,dc=corp"
> -D "CN=freeradius,OU=noc,OU=**batlab,DC=batlab,DC=corp" -W
> "(sAMAccountName=**administrator)" cn
> Enter LDAP Password:
> dn: CN=Administrator,CN=Users,DC=**batlab,DC=corp
> cn: Administrator
>
>
> Its Works.
>
> Regards.
>
> Em 06/13/13 03:37, Iliya Peregoudov escreveu:
>
>> On 12.06.2013 4:19, ricardobarbosams wrote:
>>
>>>
>>> No my filter is
>>>
>>> filter = "(&(objectClass=user)(**sAMAccountName=%{User-Name}))"
>>>
>>
>> I do not talk about filter, I do talk about binding to the directory.
>> Your ldapsearch binds to the directory using one user and your radiusd
>> binds to directory as another user. These users can have different
>> authorization levels in the directory server. Directory may allow to
>> retrieve objects to user2 at batlab.corp user but disallow it to
>> CN=freeradius,OU=noc,OU=**batlab,DC=batlab,DC=corp user.
>>
>> Configure radiusd to use the user2 at batlab.corp user to bind to the
>> directory and you'll get same results as with ldapsearch.
>> -
>> List info/subscribe/unsubscribe? See http://www.freeradius.org/**
>> list/users.html <http://www.freeradius.org/list/users.html>
>>
>>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/**
> list/users.html <http://www.freeradius.org/list/users.html>
>


-- 
-- 
Un saludo.
____________________

Roberto Ortega
Profesor de Informática.
http://www.proyectoret.es

Escuelas San José Valencia
Avd.Cortes Valencianas nº1
46015 Valencia
R4600489A
Tf:963499011 ext. 262
Fax:963488835
http://www.escuelassj.com

No imprimas este correo si no es necesario. Protejamos el medio ambiente.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20130614/1d823a7f/attachment-0001.html>


More information about the Freeradius-Users mailing list