Stewart James wrote:
I have been roped in to look over an issue we have with migrating from Novell to AD.
Repeat after me: AD is not an LDAP server. It's not. It fakes it pretty well, but it's not.
As I stated earlier authentication fall through works like a treat (if in the users file I don’t specify an LDAP-Group authentication works). If I only specify 1 ldap server to do authentication and authorisation, everything works, its only when I try to do authorisation via LDAP-Group AND try to do authorisation fall through as documentation above do I start getting errors.
If you are trying to use LDAP to obtain the "known good" password from AD, it's impossible.
rlm_ldap: performing search in dc=ad,dc=vu,dc=edu,dc=au, with filter (samaccountname=USERNAME) .. rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
Nothing. i.e. The user was found, but *nothing* more than that was found.
auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
The server doesn't know how to authenticate the user, so the user is rejected. Please explain a little more what you're trying to do, and what you expect to see where. Right now, you're trying to debug a solution. Instead, focus on the problem, and the solution may be simple (or impossible). Alan DeKok.