Multiple OUs in AD
Phil Mayers
p.mayers at imperial.ac.uk
Wed Apr 5 11:16:15 CEST 2006
Peter Bushnell wrote:
> Hello All,
>
> Have a working FreeRADIUS server up and running, this is used for
> authenticating student users on to a wireless network against a M$ 2003
> server with Active Directory using LDAP.
>
> Problem is I only seem to be able to authenticate users against one OU,
> if I set the basedn simply to the domain the server just sits there and
> never returns an accept or reject.

What is the basedn that doesn't work? dc=bnc,dc=ox,dc=ac,dc=uk or
dc=ox,dc=ac,dc=uk?

I suspect it's something related to all that AD crap about forests and
referrals and such. Do you have any interdomain trusts? Can you use a
command-line ldapsearch with those settings (the ones that never
return)? If so, what is the output?

If it *is* that, you may try this in /etc/openldap/ldap.conf (or
whatever path that file lives at):

# This *may* cause problems if multiple forests are used with AD.
deref never
referrals no

Also, you didn't mention which version of FR you're using.

> So how can I set my FR box to authenticate against all users in AD?
>
> Here is my LDAP cfg from radiusd.conf…
>
> ldap {
>     server = "brassbullet.bnc.ox.ac.uk"
>     identity = "cn=administrator,cn=users,dc=bnc,dc=ox,dc=ac,dc=uk"
>     password = password
>     basedn = "ou=students,dc=bnc,dc=ox,dc=ac,dc=uk"
>     filter = "(sAMAccountName=%{Stripped-User-Name:-%{User-Name}})"
>     start_tls = no
>     ldap_connections_number = 5
>     password_attribute = userPassword
>     timeout = 4
>     timelimit = 3
>     net_timeout = 1
>     compare_check_items = yes
> }
>
> Any help appreciated,
>
> Peter Bushnell
> IT Officer
> Brasenose College
> Email: peter.bushnell at bnc.ox.ac.uk
> Tel: +44 1865 277513
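
The command-line check suggested in the reply above, as an added example that is not part of the original message or of FreeRADIUS: it repeats the domain-root search with ldapsearch and lists any search references AD returns. The server, bind DN and base come from the quoted radiusd.conf; the function names, the user name and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: repeat the module's domain-root search by hand and list the
# search references (continuation referrals) AD returns.

# Server, bind DN and domain root are from the posted radiusd.conf.
LDAP_URI="ldap://brassbullet.bnc.ox.ac.uk"
BIND_DN="cn=administrator,cn=users,dc=bnc,dc=ox,dc=ac,dc=uk"
BASE_DN="dc=bnc,dc=ox,dc=ac,dc=uk"

# Accept only plain account names so the value cannot alter the LDAP filter.
valid_user() {
    case "$1" in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# search_root USER [-C]: subtree search from the domain root with the module's
# limits (timelimit 3, net_timeout 1). Without -C ldapsearch prints references
# instead of following them; with -C it chases them as the library default does.
# -W prompts for the bind password rather than taking it as an argument.
search_root() {
    valid_user "$1" || { echo "bad user name" >&2; return 2; }
    ldapsearch -x -H "$LDAP_URI" -D "$BIND_DN" -W -b "$BASE_DN" -s sub \
        -l 3 -o nettimeout=1 ${2:+"$2"} "(sAMAccountName=$1)" dn
}

# Print the URL of every search reference in ldapsearch output read from stdin.
list_refs() {
    sed -n 's/^ref: //p'
}

# Constructed sample of ldapsearch output for a domain-root search (not captured
# from the poster's server; the user name is made up).
sample_output() {
    cat <<'EOF'
# jbloggs, students, bnc.ox.ac.uk
dn: CN=jbloggs,OU=students,DC=bnc,DC=ox,DC=ac,DC=uk

# search reference
ref: ldap://ForestDnsZones.bnc.ox.ac.uk/DC=ForestDnsZones,DC=bnc,DC=ox,DC=ac,DC=uk

# search reference
ref: ldap://DomainDnsZones.bnc.ox.ac.uk/DC=DomainDnsZones,DC=bnc,DC=ox,DC=ac,DC=uk

# search reference
ref: ldap://bnc.ox.ac.uk/CN=Configuration,DC=bnc,DC=ox,DC=ac,DC=uk
EOF
}

sample_output | list_refs   # real run: search_root someuser | list_refs
```

If the plain run returns quickly with references listed and the `-C` run stalls, referral chasing is the cause and the `referrals no` setting above applies.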