Sorry yes sAMAccountName is radius for user so it seems everything in AD is correct Adam Schappell System Administrator II Clearedge IT Solutions, LLC 10620 Guilford Road Jessup, MD 20794 Office:443-212-4712 Fax:443-212-4809 www.ClearEdgeIT.com <http://www.clearedgeit.com/> On Mon, Mar 30, 2015 at 12:37 PM, Michael Ströder <michael@stroeder.com> wrote:
Adam Schappell wrote:
I can successfully do a ldapsearch and everything pops up successfully.
Did you bind to AD's LDAP server with ldapsearch [..] -D <identity> -w <password> with the very same values used in FreeRADIUS configuration or for RADIUS login?
From one of your former postings it seems that FreeRADIUS is using filter (uid=aschappell) to search for your user account.
Is attribute 'uid' actually set in your AD user account? This is rather unusal. By default MS AD stores user name in attribut 'sAMAccountName'. So you'd have to change your FreeRADIUS LDAP configuration to use this attribute when generating the search filter.
Well, another log of you shows:
---------------------- snip ---------------------- [ldap] bind as cn=Adam L. Schappell,ou=Domain Admins,ou=Users,ou=Jessup,ou=ClearEdge,dc=corp,dc= clearedge,dc=com/Schappell##113 to corp.clearedgeit.com:389
[ldap] waiting for bind result ...
[ldap] LDAP login failed: check identity, password settings in ldap section of radiusd.conf ---------------------- snip ----------------------
It seems in this case the user entry was found but LDAP simple bind failed. You should check whether AD account got locked during your failing attempts.
Ciao, Michael.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html