FreeRadius cannot Authenticate to Windows AD
Dusty Doris
freeradius at mail.doris.cc
Mon Dec 19 05:46:29 CET 2005
> rlm_ldap: login attempt by "mike" with password "mike123"
> radius_xlat: '(SamAccountName=mike)'
> radius_xlat: 'CN=Person,DC=chikka,DC=ph'
> rlm_ldap: ldap_get_conn: Checking Id: 0
> rlm_ldap: ldap_get_conn: Got Id: 0
> rlm_ldap: attempting LDAP reconnection
> rlm_ldap: (re)connect to 192.168.1.1:389, authentication 0
> rlm_ldap: bind as / to 192.168.1.1:389
> rlm_ldap: waiting for bind result ...
> rlm_ldap: Bind was successful
> rlm_ldap: performing search in CN=Person,DC=chikka,DC=ph, with filter
> (SamAccountName=mike)
-----
> LDAPSEARCH RESULT
>
> [root at repository ~]# ldapsearch -LLL -h 192.168.1.1 -x -b 'dc=domain,dc=com'
> '(samaccountname=mike)' -D mike -w mike123
> dn: CN=mike,CN=Users,DC=domain,DC=com

There are two major differences in what you have freeradius configured to
do and what your commandline search shows. Is this intended??

Freeradius
- bind anonymously
- search in CN=Person,DC=chikka,DC=ph

Commandline
- bind as mike
- search in dc=domain,dc=com

Unless I missed something and I'm just not getting it, I would give
freeradius an identity and password of a user that has read access to the
part of the directory your users are in. Then I would change the basedn
in freeradius to actually match the basedn of your directory.
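
The comparison made in the reply above can be run mechanically over the debug output. This is an added example, not part of the original post or of FreeRADIUS: the function names are hypothetical, the sample lines are copied from the quoted log, and it assumes the empty field before the slash in the "bind as" line is the bind identity.

```python
import re

# Lines copied from the rlm_ldap debug output and ldapsearch result quoted above.
DEBUG_LOG = """\
rlm_ldap: (re)connect to 192.168.1.1:389, authentication 0
rlm_ldap: bind as / to 192.168.1.1:389
rlm_ldap: Bind was successful
rlm_ldap: performing search in CN=Person,DC=chikka,DC=ph, with filter
"""
USER_DN = "CN=mike,CN=Users,DC=domain,DC=com"

# Assumption: the bind line has the form "bind as <identity>/<password> to <host:port>".
BIND_RE = re.compile(r"rlm_ldap: bind as (.*?)/(.*?) to (\S+)")
SEARCH_RE = re.compile(r"rlm_ldap: performing search in (.+?), with filter")

def rdns(dn):
    """Split a DN into lower-cased RDNs (escaped commas are not handled)."""
    return [part.strip().lower() for part in dn.split(",") if part.strip()]

def is_under(dn, base):
    """True when dn sits at or below base in the directory tree."""
    d, b = rdns(dn), rdns(base)
    return len(b) <= len(d) and d[len(d) - len(b):] == b

def check(log, user_dn):
    """Report an anonymous bind and any search base that cannot contain user_dn."""
    findings = []
    for line in log.splitlines():
        m = BIND_RE.search(line)
        if m and not m.group(1).strip():
            findings.append(f"anonymous bind to {m.group(3)}")
        m = SEARCH_RE.search(line)
        if m and not is_under(user_dn, m.group(1)):
            findings.append(f"search base {m.group(1)} does not contain {user_dn}")
    return findings

if __name__ == "__main__":
    for finding in check(DEBUG_LOG, USER_DN):
        print(finding)
```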