Help Please

Michael Ströder michael at stroeder.com
Mon Mar 30 18:37:28 CEST 2015


Adam Schappell wrote:
> I can
> successfully do a ldapsearch and everything pops up successfully.

Did you bind to AD's LDAP server with
ldapsearch [..] -D <identity> -w <password>
with the very same values used in FreeRADIUS configuration or for RADIUS login?

From one of your former postings it seems that FreeRADIUS is using filter 
(uid=aschappell) to search for your user account.

Is attribute 'uid' actually set in your AD user account? This is rather 
unusual.  By default MS AD stores the user name in attribute 'sAMAccountName'.  So 
you'd have to change your FreeRADIUS LDAP configuration to use this attribute 
when generating the search filter.

Well, another log of yours shows:

---------------------- snip ----------------------
   [ldap] bind as cn=Adam L. Schappell,ou=Domain
Admins,ou=Users,ou=Jessup,ou=ClearEdge,dc=corp,dc=clearedge,dc=com/Schappell##113
to corp.clearedgeit.com:389

   [ldap] waiting for bind result ...

   [ldap] LDAP login failed: check identity, password settings in ldap
section of radiusd.conf
---------------------- snip ----------------------

It seems in this case the user entry was found but LDAP simple bind failed. 
You should check whether the AD account got locked during your failing attempts.

Ciao, Michael.
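
The checks suggested in this reply, as an added example that is not part of the original post: bind with the identity FreeRADIUS uses, compare the (uid=...) and (sAMAccountName=...) filters, and read the AD lockoutTime attribute. The helper names are hypothetical, and the URI, bind DN, base DN and login are supplied by the caller.

```shell
#!/bin/sh
# Added example (not from the original post). Assumptions: OpenLDAP ldapsearch
# is installed; URI, bind DN, base DN and login are supplied by the caller.

# Reject logins containing LDAP filter metacharacters before building a filter.
safe_login() {
    ! printf '%s' "$1" | grep -q -e '[*()]' -e '\\'
}

# Count entries in LDIF on stdin (one "dn:" line per entry).
count_entries() {
    grep -c '^dn:' || true
}

# Report whether LDIF on stdin carries a non-zero AD lockoutTime. A non-zero
# value means a lockout was recorded; AD lifts it after the lockout duration.
lock_state() {
    awk -F': ' 'tolower($1) == "lockouttime" && $2 != "0" { hit = 1 }
                END { print (hit ? "lockout-recorded" : "no-lockout") }'
}

# usage: sh check.sh URI BIND_DN BASE_DN LOGIN  (-W prompts for the password)
main() {
    uri=$1; bind_dn=$2; base=$3; login=$4
    safe_login "$login" || { echo "unsafe characters in login" >&2; return 2; }
    for attr in uid sAMAccountName; do
        # Same bind identity FreeRADIUS uses, same filter shape it generates.
        out=$(ldapsearch -LLL -x -H "$uri" -D "$bind_dn" -W -b "$base" \
              "($attr=$login)" dn lockoutTime) || {
            echo "bind or search failed for ($attr=$login)" >&2; return 1; }
        printf '(%s=%s): %s entries, %s\n' "$attr" "$login" \
            "$(printf '%s\n' "$out" | count_entries)" \
            "$(printf '%s\n' "$out" | lock_state)"
    done
}

if [ "$#" -eq 4 ]; then main "$@"; fi
```

A filter that reports 0 entries is one FreeRADIUS cannot use to find the account; the password prompt appears once per filter.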
