On Oct 8, 2024, at 10:23 AM, Ibrahim Almahfooz <ibrahim.nezar@sevennet.net> wrote:
We have successfully integrated our FreeRADIUS Version 3.2.6 with active directory using ntlm_auth module and also enabled sqlcounter to permit users with specific daily limit.
That's good.
All working well. However, part of the requirements is to give a specific time quota to users who are part of a specific AD group, which we guess is a common use case.
Yes.
To achieve this, we also integrated FR with ldap by using FreeRadius-ldap package and we populated the ldap configuration file with below: ... When we run radiusd -X, the ldap part is executed in the authorize section however it says "Search returned no results":
That means the LDAP server returned no results. i..e. the query is wrong, or it is returning no data.
In our active directory the user "test" is part of the "Office-VPN" group and both the user and group are inside "cn=Users,dc=domain,dc=com"
Also when we run the ldapsearch command from within FR machine, we get positive results: ldapsearch -x -b "cn=Users,dc=domain,dc=com" -D "cn=test,cn=Users,dc=domain,dc=com" -h 192.168.1.1-w "xxxxxx" '(&(cn=Office-VPN))'
The comments in the ldap module suggest to use a different search string for Active Directory. Try that. My guess is that the LDAP search string is wrong. Alan DeKok.