FreeRadius cannot Authenticate to Windows AD

Dusty Doris freeradius at mail.doris.cc
Mon Dec 19 05:46:29 CET 2005


> rlm_ldap: login attempt by "mike" with password "mike123"
> radius_xlat:  '(SamAccountName=mike)'
> radius_xlat:  'CN=Person,DC=chikka,DC=ph'
> rlm_ldap: ldap_get_conn: Checking Id: 0
> rlm_ldap: ldap_get_conn: Got Id: 0
> rlm_ldap: attempting LDAP reconnection
> rlm_ldap: (re)connect to 192.168.1.1:389, authentication 0
> rlm_ldap: bind as / to 192.168.1.1:389
> rlm_ldap: waiting for bind result ...
> rlm_ldap: Bind was successful
> rlm_ldap: performing search in CN=Person,DC=chikka,DC=ph, with filter
> (SamAccountName=mike)

-----

> LDAPSEARCH RESULT
>
> [root@repository ~]# ldapsearch -LLL -h 192.168.1.1 -x -b 'dc=domain,dc=com'
> '(samaccountname=mike)' -D mike -w mike123
> dn: CN=mike,CN=Users,DC=domain,DC=com

There are two major differences in what you have FreeRADIUS configured to 
do and what your command-line search shows.  Is this intended?

FreeRADIUS
  -bind anonymously
  -search in CN=Person,DC=chikka,DC=ph

Command line
  -bind as mike
  -search in dc=domain,dc=com


Unless I missed something and I'm just not getting it, I would give 
freeradius an identity and password of a user that has read access to the 
part of the directory your users are in.  Then I would change the basedn 
in freeradius to actually match the basedn of your directory.
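
The change suggested in the reply above, sketched as an rlm_ldap block for radiusd.conf. This is an added example, not part of the original post: the server address and base DN are taken from the quoted log and ldapsearch command, while the service account DN and the password are hypothetical placeholders.

```conf
ldap {
        # Directory server seen in the debug log above.
        server = "192.168.1.1"

        # Before (as implied by the debug log): identity and password were
        # unset, so rlm_ldap logged "bind as / to 192.168.1.1:389", which is
        # an anonymous bind, and the search base did not match the directory:
        #   basedn = "CN=Person,DC=chikka,DC=ph"

        # After: bind as an account that has read access to the part of the
        # directory the users are in.
        # Hypothetical service account DN; substitute your own.
        identity = "CN=radius-reader,CN=Users,DC=domain,DC=com"
        # Placeholder; never reuse an end user's password here.
        password = "REPLACE_WITH_SERVICE_ACCOUNT_PASSWORD"

        # Same base DN as the ldapsearch that returned
        # dn: CN=mike,CN=Users,DC=domain,DC=com
        basedn = "dc=domain,dc=com"

        # Expands to (sAMAccountName=mike) for the request in the log.
        filter = "(sAMAccountName=%{User-Name})"
}
```

Because the bind password sits in the file in clear text, give the bind account read-only rights on the user subtree and keep radiusd.conf readable only by the account the server runs as.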
