Help PLease
Adam Schappell
aschappell at clearedgeit.com
Mon Mar 30 18:58:02 CEST 2015
Also no the attribute in AD under UNIX Attributes is not set.
Adam Schappell
System Administrator II
Clearedge IT Solutions, LLC
10620 Guilford Road
Jessup, MD 20794
Office:443-212-4712
Fax:443-212-4809
www.ClearEdgeIT.com <http://www.clearedgeit.com/>
On Mon, Mar 30, 2015 at 12:37 PM, Michael Ströder <michael at stroeder.com>
wrote:
> Adam Schappell wrote:
>
>> I can
>> successfully do a ldapsearch and everything pops up successfully.
>>
>
> Did you bind to AD's LDAP server with
> ldapsearch [..] -D <identity> -w <password>
> with the very same values used in FreeRADIUS configuration or for RADIUS
> login?
>
> From one of your former postings it seems that FreeRADIUS is using filter
> (uid=aschappell) to search for your user account.
>
> Is attribute 'uid' actually set in your AD user account? This is rather
> unusal. By default MS AD stores user name in attribut 'sAMAccountName'.
> So you'd have to change your FreeRADIUS LDAP configuration to use this
> attribute when generating the search filter.
>
> Well, another log of you shows:
>
> ---------------------- snip ----------------------
> [ldap] bind as cn=Adam L. Schappell,ou=Domain
> Admins,ou=Users,ou=Jessup,ou=ClearEdge,dc=corp,dc=
> clearedge,dc=com/Schappell##113
> to corp.clearedgeit.com:389
>
> [ldap] waiting for bind result ...
>
> [ldap] LDAP login failed: check identity, password settings in ldap
> section of radiusd.conf
> ---------------------- snip ----------------------
>
> It seems in this case the user entry was found but LDAP simple bind
> failed. You should check whether AD account got locked during your failing
> attempts.
>
> Ciao, Michael.
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
More information about the Freeradius-Users
mailing list