Hi. I need advice/help with my problem.<div>I'm trying to authenticate with 2 LDAP servers from FreeRADIUS, but without success.</div><div>I have two ADs with different domains (e.g. domain1 and domain2, and they are not linked). I'm trying to authenticate by UPN (username@domainX). I thought it would be possible to regexp User-Name in the Authenticate section and substitute values of the LDAP config, but it doesn't work. In sites-enabled/default, Authenticate section:</div>
<div><pre>
if (User-Name =~ /domain1/i) {
    Server1
}
elsif (User-Name =~ /domain2/i) {
    Server2
}
</pre></div><div>in modules/ldap I have:</div><div><pre>
ldap Server1 {
    server = "x.x.x.x"
    identity = "user"
    password = pass
    basedn = "DC=example1,DC=com"
    filter = "(userPrincipalName=%{User-Name})"
    ldap_connections_number = 5
    timeout = 10
    timelimit = 3
    net_timeout = 1
    tls {
        start_tls = no
    }
    dictionary_mapping = ${confdir}/ldap.attrmap
    edir_account_policy_check = no
    groupname_attribute = cn
    groupmembership_filter = "(|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))"
    groupmembership_attribute = memberOf
    chase_referrals = yes
    rebind = yes
}

ldap Server2 {
    server = "x.x.x.x"
    identity = "user"
    password = pass
    basedn = "DC=example2,DC=com"
    filter = "(userPrincipalName=%{User-Name})"
    ldap_connections_number = 5
    timeout = 10
    timelimit = 3
    net_timeout = 1
    tls {
        start_tls = no
    }
    dictionary_mapping = ${confdir}/ldap.attrmap
    edir_account_policy_check = no
    groupname_attribute = cn
    groupmembership_filter = "(|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))"
    groupmembership_attribute = memberOf
    chase_referrals = yes
    rebind = yes
    # ldap_debug = 0xFFFF
}
</pre></div><div><br></div><div>If user@domain1 (or any other) belongs to group "mobile" in AD - I send Access-Accept.</div><div>When I start FreeRADIUS in debug mode - I don't see any regexp information. With the current config file FreeRADIUS will use only LDAP server2 to authenticate users.</div>
<div>Is there any way to authenticate with multiple ADs?</div><div><br></div><div>Thanks</div>
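<div>The configuration below is an added, rewritten example and is neither the poster's files nor anything shipped by the FreeRADIUS project. It keeps the UPN filter and the "mobile" group check from the post, but does the User-Name regexp in the authorize section (authenticate is dispatched by Auth-Type, so it is the wrong place for unlang selection logic), gives each rlm_ldap instance its own Auth-Type, anchors the regexp on the UPN suffix, and turns on StartTLS so neither the service-account bind password nor users' PAP passwords cross the wire in clear text. The instance names ad1/ad2, hostnames, bind DNs and passwords, CA file paths and the exact UPN suffixes are assumptions; the per-instance ad1-Ldap-Group / ad2-Ldap-Group attribute naming follows FreeRADIUS 2.x behaviour for instances not named "ldap".</div>

```text
#
# modules/ldap - one rlm_ldap instance per forest.  Hostnames, bind DNs,
# passwords and CA paths are placeholders (assumptions, not real values).
#
ldap ad1 {
    server = "dc1.domain1.example"                          # assumed hostname
    identity = "CN=radius,OU=Service,DC=example1,DC=com"   # assumed bind DN
    password = "change-me"
    basedn = "DC=example1,DC=com"
    filter = "(userPrincipalName=%{User-Name})"
    ldap_connections_number = 5
    timeout = 10
    timelimit = 3
    net_timeout = 1
    tls {
        start_tls = yes                  # never bind to AD over plain LDAP
        cacertfile = ${confdir}/certs/domain1-ca.pem   # assumed path
        require_cert = "demand"          # refuse an unverified DC certificate
    }
    dictionary_mapping = ${confdir}/ldap.attrmap
    edir_account_policy_check = no
    groupname_attribute = cn
    groupmembership_attribute = memberOf
    chase_referrals = yes
    rebind = yes
}

ldap ad2 {
    server = "dc1.domain2.example"                          # assumed hostname
    identity = "CN=radius,OU=Service,DC=example2,DC=com"   # assumed bind DN
    password = "change-me"
    basedn = "DC=example2,DC=com"
    filter = "(userPrincipalName=%{User-Name})"
    ldap_connections_number = 5
    timeout = 10
    timelimit = 3
    net_timeout = 1
    tls {
        start_tls = yes
        cacertfile = ${confdir}/certs/domain2-ca.pem   # assumed path
        require_cert = "demand"
    }
    dictionary_mapping = ${confdir}/ldap.attrmap
    edir_account_policy_check = no
    groupname_attribute = cn
    groupmembership_attribute = memberOf
    chase_referrals = yes
    rebind = yes
}

#
# sites-enabled/default - choose the instance in authorize, where unlang
# conditions are evaluated, and let authenticate dispatch on Auth-Type.
#
authorize {
    preprocess
    # Anchor on the UPN suffix: a bare /domain1/ would also route a user
    # named "domain1user@domain2" to the wrong forest.
    if (User-Name =~ /@domain1$/i) {
        ad1
        if (!(ad1-Ldap-Group == "mobile")) {
            reject
        }
        update control {
            Auth-Type := ad1
        }
    }
    elsif (User-Name =~ /@domain2$/i) {
        ad2
        if (!(ad2-Ldap-Group == "mobile")) {
            reject
        }
        update control {
            Auth-Type := ad2
        }
    }
    else {
        reject          # unknown suffix: do not fall through to a default server
    }
}

authenticate {
    # Each block name becomes an Auth-Type value; the instance inside it
    # binds to its own AD as the user with the supplied User-Password.
    Auth-Type ad1 {
        ad1
    }
    Auth-Type ad2 {
        ad2
    }
}
```

<div>With this layout the debug output (radiusd -X) shows the regexp being evaluated in authorize, the instance-specific group compare, and then "Found Auth-Type = ad1" (or ad2) before the bind, which is the evidence missing from the original run. The explicit reject in the else branch matters as much as the routing: without it a UPN from an unexpected suffix would fall through to whatever the rest of authorize and authenticate decide.</div>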