Alhagie,<br>
<br>
Hey, I made it work now. I can now authenticate to my MSAD. Thanks for
the hints. My radius.conf looks like this now. I can now even make
my CISCO 1700 dial-in server authenticate to my MSAD.<br>
<br>
<br>
ldap {<br>
server = "192.168.1.1"<br>
#identity = "cn=admin,o=My Org,c=UA"<br>
# bind account for the user search, given in userPrincipalName form<br>
identity = "mike@domain.com"<br>
password = mike123<br>
# password = mypass<br>
basedn = "CN=Users,DC=domain,DC=com"<br>
# look the user up by sAMAccountName<br>
filter = "(SamAccountName=%{Stripped-User-Name:-%{User-Name}})"<br>
}<br>
<br>
<br>
<br>
Thanks for your help...<br>
<br>
<br>
<br><br><div><span class="gmail_quote">On 12/19/05, <b class="gmail_sendername">Michael Calizo</b> <<a href="mailto:mike.calizo@gmail.com">mike.calizo@gmail.com</a>> wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
Hi Alhagie,<br>
<br>
Below is my ldap search result, in which I found that it can connect to
MSAD. But when I configure the LDAP part of my radiusd.conf as shown
below:<br>
<br>
ldap {<br>
server = "192.168.1.1"<br>
#identity = "cn=admin,o=My Org,c=UA"<br>
# password = mypass<br>
basedn = "CN=Person,DC=chikka,DC=ph"<span class="q"><br>
filter = "(SamAccountName=%{Stripped-User-Name:-%{User-Name}})"<br></span>
# base_filter = "(objectclass=radiusprofile)"<br>
<br>
start_tls = no<br>
}<br>
<br>
I STILL GET THIS ERROR BELOW WHEN I TRY TO USE RADTEST AS SHOWN BELOW:<br>
<br>
radtest mike mike123 192.168.1.13:1812 1812 testing1234<br>
Sending Access-Request of id 185 to 192.168.1.13:1812<br>
User-Name = "mike"<br>
User-Password = "mike123"<br>
NAS-IP-Address = repository.domain.com<br>
NAS-Port = 1812<br>
rad_recv: Access-Reject packet from host 192.168.1.13:1812, id=185, length=20<br>
<br>
RADIUSD LOG:<br>
<br>
rlm_ldap: login attempt by "mike" with password "mike123"<br>
radius_xlat: '(SamAccountName=mike)'<br>
radius_xlat: 'CN=Person,DC=chikka,DC=ph'<span class="q"><br>
rlm_ldap: ldap_get_conn: Checking Id: 0<br>
rlm_ldap: ldap_get_conn: Got Id: 0<br>
rlm_ldap: attempting LDAP reconnection<br>
rlm_ldap: (re)connect to 192.168.1.1:389, authentication 0<br></span>
rlm_ldap: bind as / to 192.168.1.1:389<span class="q"><br>
rlm_ldap: waiting for bind result ...<br></span>
rlm_ldap: Bind was successful<br>
rlm_ldap: performing search in CN=Person,DC=chikka,DC=ph, with filter (SamAccountName=mike)<br>
rlm_ldap: ldap_search() failed: Operations error<span class="q"><br>
rlm_ldap: ldap_release_conn: Release Id: 0<br>
modcall[authenticate]: module "ldap" returns fail for request 0<br>
modcall: group Auth-Type returns fail for request 0<br>
auth: Failed to validate the user.<br>
Delaying request 0 for 1 seconds<br>
Finished request 0<br>
Going to the next request<br>
--- Walking the entire request list ---<br>
Waking up in 1 seconds...<br>
--- Walking the entire request list ---<br>
Waking up in 1 seconds...<br>
--- Walking the entire request list ---<br></span>
Sending Access-Reject of id 185 to 192.168.1.13:37977<span class="q"><br>
Waking up in 4 seconds...<br>
--- Walking the entire request list ---<br></span>
Cleaning up request 0 ID 185 with timestamp 43a61b6c<span class="q"><br>
Nothing to do. Sleeping until we see a request.<br>
<br>
<br></span>
LDAPSEARCH RESULT<br>
<br>
[root@repository ~]# ldapsearch -LLL -h 192.168.1.1 -x -b 'dc=domain,dc=com' '(samaccountname=mike)' -D mike -w mike123
<br>
dn: CN=mike,CN=Users,DC=domain,DC=com<br>
objectClass: top<br>
objectClass: person<br>
objectClass: organizationalPerson<br>
objectClass: user<br>
cn: mike<br>
givenName: mike<br>
distinguishedName: CN=mike,CN=Users,DC=domain,DC=com<br>
instanceType: 4<br>
whenCreated: 20050616031658.0Z<br>
whenChanged: 20051201135642.0Z<br>
displayName: mike<br>
uSNCreated: 11557650<br>
memberOf: CN=svnusers,CN=Users,DC=domain,DC=com<br>
memberOf: CN=noc,CN=Users,DC=domain,DC=com<br>
memberOf: CN=QA,CN=Users,DC=domain,DC=com<br>
uSNChanged: 12322817<br>
name: mike<br>
objectGUID:: vSHdzG0AG02jW9AZzurvqQ==<br>
userAccountControl: 66048<br>
badPwdCount: 2<br>
codePage: 0<br>
countryCode: 0<br>
badPasswordTime: 127792025390218068<br>
lastLogoff: 0<br>
lastLogon: 127758129860897359<br>
pwdLastSet: 127779190022698471<br>
primaryGroupID: 513<br>
objectSid:: AQUAAAAAAAUVAAAAc+SiCBWZJKtAqKm9ZQUAAA==<br>
accountExpires: 9223372036854775807<br>
logonCount: 0<br>
sAMAccountName: mike<br>
sAMAccountType: 805306368<br>
userPrincipalName: mike@domain.com<br>
lockoutTime: 0<br>
objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=domain,DC=com<br>
<br>
# refldap://ForestDnsZones.domain.com/DC=ForestDnsZones,DC=domain,DC=com<br>
<br>
# refldap://DomainDnsZones.domain/DC=DomainDnsZones,DC=doamin,DC=com<br>
<br>
# refldap://chikka.ph/CN=Configuration,DC=doamin,DC=com<br>
<br><br><div><span class="gmail_quote">Thanks in advance,<br>
<br>
<br>
</span></div><div><span class="e" id="q_10840ddea3d61aa8_13"><br>-- <br>Mike Calizo<br>Registered Linux User # 365113<br><br>_________________________________________________<br>Even the longest journey has to start with a small first-step
<br>
</span></div></blockquote></div><br><br clear="all"><br>-- <br>Mike Calizo<br>Registered Linux User # 365113<br><br>_________________________________________________<br>Even the longest journey has to start with a small first-step
<br>
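Added example (not part of the original thread): a small Python checker for radiusd debug output like the log quoted above. It flags an `ldap_search()` failure that follows a bind with an empty identity, the pattern in the failing log that went away once `identity` and `password` were set, and it masks the passwords that debug mode writes to the log. The sample log is constructed from the quoted lines, and reading `bind as X/Y` as identity/password is an assumption.

```python
import re

# Constructed sample in the shape of the radiusd debug log quoted above.
SAMPLE_LOG = """\
rlm_ldap: login attempt by "mike" with password "mike123"
rlm_ldap: bind as / to 192.168.1.1:389
rlm_ldap: Bind was successful
rlm_ldap: performing search in CN=Person,DC=chikka,DC=ph, with filter (SamAccountName=mike)
rlm_ldap: ldap_search() failed: Operations error
"""

# Assumption: the text around "/" is the configured identity and password.
BIND_RE = re.compile(r'^rlm_ldap: bind as (?P<identity>[^/]*)/(?P<secret>.*) to (?P<server>\S+)$')
LOGIN_RE = re.compile(r'^(rlm_ldap: login attempt by ".*?" with password )".*"$')
FAIL_RE = re.compile(r'^rlm_ldap: ldap_search\(\) failed: (?P<reason>.+)$')

def diagnose(log_text):
    """Return findings as (line_number, code, detail) tuples."""
    findings, anon = [], None
    for num, raw in enumerate(log_text.splitlines(), start=1):
        line = raw.strip()
        bind = BIND_RE.match(line)
        fail = FAIL_RE.match(line)
        if bind:
            # Each bind resets the state; an empty identity is an anonymous bind.
            anon = num if bind.group("identity") == "" else None
            if bind.group("secret"):
                findings.append((num, "secret-in-log", "bind password is logged"))
        elif LOGIN_RE.match(line):
            findings.append((num, "secret-in-log", "user password is logged"))
        elif fail and anon is not None:
            findings.append((num, "anonymous-bind-search-failed",
                "search after anonymous bind on line %d failed: %s" % (anon, fail.group("reason"))))
    return findings

def redact(log_text):
    """Mask user and bind passwords before the log is shared."""
    out = []
    for raw in log_text.splitlines():
        line = LOGIN_RE.sub(r'\1"***"', raw.strip())
        bind = BIND_RE.match(line)
        if bind and bind.group("secret"):
            line = "rlm_ldap: bind as %s/*** to %s" % (bind.group("identity"), bind.group("server"))
        out.append(line)
    return "\n".join(out)

if __name__ == "__main__":
    print(diagnose(SAMPLE_LOG), redact(SAMPLE_LOG), sep="\n")
```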