Hi, i'm starter here but, the user freeradius in your ldap must be able to read user's passwords. Try with administrator in /etc/raddb/modules/ldap and if it works, the user freeradius won't has rigths for this. By El viernes, 14 de junio de 2013, ricardobarbosams escribió:
Hi.
Executing ldapsearch with user freeradius
root@maxwell:~# ldapsearch -LLL -x -h 192.168.0.4 -b "dc=batlab,dc=corp" -D "CN=freeradius,OU=noc,OU=**batlab,DC=batlab,DC=corp" -W "(sAMAccountName=**administrator)" cn Enter LDAP Password: dn: CN=Administrator,CN=Users,DC=**batlab,DC=corp cn: Administrator
Its Works.
Regards.
Em 06/13/13 03:37, Iliya Peregoudov escreveu:
On 12.06.2013 4:19, ricardobarbosams wrote:
No my filter is
filter = "(&(objectClass=user)(**sAMAccountName=%{User-Name}))"
I do not talk about filter, I do talk about binding to the directory. Your ldapsearch binds to the directory using one user and your radiusd binds to directory as another user. These users can have different authorization levels in the directory server. Directory may allow to retrieve objects to user2@batlab.corp user but disallow it to CN=freeradius,OU=noc,OU=**batlab,DC=batlab,DC=corp user.
Configure radiusd to use the user2@batlab.corp user to bind to the directory and you'll get same results as with ldapsearch. - List info/subscribe/unsubscribe? See http://www.freeradius.org/** list/users.html <http://www.freeradius.org/list/users.html>
- List info/subscribe/unsubscribe? See http://www.freeradius.org/** list/users.html <http://www.freeradius.org/list/users.html>
-- -- Un saludo. ____________________ Roberto Ortega Profesor de Informática. http://www.proyectoret.es Escuelas San José Valencia Avd.Cortes Valencianas nº1 46015 Valencia R4600489A Tf:963499011 ext. 262 Fax:963488835 http://www.escuelassj.com No imprimas este correo si no es necesario. Protejamos el medio ambiente.