RES: Active Directory Users
    Domingo Antonio 
    domingo at netcomp.com.br
       
    Thu Aug 17 22:03:18 CEST 2006
    
    
  
http://samba.org/ftp/unpacked/lorikeet/pppd/final-report.pdf#search=%22freeradius%20net%20join%20ads%22
  _____  
From: freeradius-users-bounces+domingo=netcomp.com.br at lists.freeradius.org
[mailto:freeradius-users-bounces+domingo=netcomp.com.br at lists.freeradius.org]
On behalf of Domingo Antonio
Sent: Thursday, 17 August 2006 16:58
To: 'FreeRadius users mailing list'
Subject: RES: Active Directory Users
No LDAP...
You need to use NTLM authentication.
 
 
You need to configure your Samba in ADS security mode, add Samba to AD and
start the winbind service.
 
 
  _____  
From: freeradius-users-bounces+domingo=netcomp.com.br at lists.freeradius.org
[mailto:freeradius-users-bounces+domingo=netcomp.com.br at lists.freeradius.org]
On behalf of Mohammad Abohelal
Sent: Thursday, 17 August 2006 17:45
To: freeradius-users at lists.freeradius.org
Subject: Active Directory Users
Hi all
 
I need help with a simple configuration to authenticate Windows Active
Directory users via FreeRADIUS.
 
I have a domain controller, a Cisco VPDN router, and FreeRADIUS in a UNIX
environment (FreeBSD).
 
Active Directory group: VPDN; the user names have "allow dial-in" set in the user options.
 
radiusd.conf ldap configuration:
 
      ldap {
            server = "ad.xxx.yyy"
            identity = "CN=radiusd,OU=External_Object,DC=xxxl,DC=yyy"
            password = radiusd111
            basedn = "OU=VPDN_USERS,OU=External_Object,DC=xxx,DC=yyy"
            filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
            base_filter = "(objectclass=radiusprofile)"
      }
 
      
When I try to connect via an L2TP dialer I get the error: (auth: Failed to
validate the user)
 
 
modcall: leaving group authorize (returns ok) for request 0
  rad_check_password:  Found Auth-Type LDAP
auth: type "LDAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group LDAP for request 0
rlm_ldap: - authenticate
rlm_ldap: login attempt by "vpdn1" with password "xxxx"
radius_xlat:  '(uid=vpdn1)'
radius_xlat:  'OU=VPDN_USERS,OU=External_Object,DC=xxxl,DC=yyy'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to ad.xxx.yyy:389, authentication 0
rlm_ldap: bind as CN=radiusd,OU=External_Object,DC=xxx,DC=yyy/radiusd111 to ad.xxx.yyy:389
rlm_ldap: waiting for bind result ...
rlm_ldap: Bind was successful
rlm_ldap: performing search in OU=VPDN_USERS,OU=External_Object,DC=xxx,DC=yyy, with filter (uid=vpdn1)
rlm_ldap: object not found or got ambiguous search result
rlm_ldap: ldap_release_conn: Release Id: 0
  modcall[authenticate]: module "ldap" returns notfound for request 0
modcall: leaving group LDAP (returns notfound) for request 0
auth: Failed to validate the user.
Login incorrect (rlm_ldap: User not found): [vpdn1/xxxx (from client wan-gw1 port 25)
Delaying request 0 for 1 seconds
Finished request 0
Going to the next request
Thread 1 waiting to be assigned a request
rad_recv: Access-Request packet from host 194.90.143.73:1645, id=20, length=102
Sending Access-Reject of id 20 to 194.90.143.73 port 1645
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 20 with timestamp 44e4c472
Nothing to do.  Sleeping until we see a request.
 
 
Thank you 
 
Mohammad 
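 
Added example, not part of the thread and not FreeRADIUS code: a small reader for the rlm_ldap debug trace posted above. It separates "the service bind worked" from "the user search found nothing" and masks the passwords the trace prints in cleartext. The function names triage and redact are hypothetical, and the sAMAccountName hint assumes a default Active Directory schema.

```python
import re

# Constructed sample: lines taken from the debug trace in the post, wrapped lines rejoined.
SAMPLE = """\
rlm_ldap: login attempt by "vpdn1" with password "xxxx"
rlm_ldap: bind as CN=radiusd,OU=External_Object,DC=xxx,DC=yyy/radiusd111 to ad.xxx.yyy:389
rlm_ldap: Bind was successful
rlm_ldap: performing search in OU=VPDN_USERS,OU=External_Object,DC=xxx,DC=yyy, with filter (uid=vpdn1)
rlm_ldap: object not found or got ambiguous search result
Login incorrect (rlm_ldap: User not found): [vpdn1/xxxx (from client wan-gw1 port 25)
"""

# Each pattern keeps the text around a cleartext password and masks the password itself.
SECRETS = [
    re.compile(r'(with password ")[^"]*(")'),
    re.compile(r'^(rlm_ldap: bind as .+/)\S+( to \S+)$', re.M),
    re.compile(r'^(Login incorrect[^\[]*\[[^/]+/)\S+( \(from client)', re.M),
]
SEARCH = re.compile(r'^rlm_ldap: performing search in (.+), with filter (\(.*\))$', re.M)

def redact(trace):
    """Return (masked trace, number of passwords masked)."""
    total = 0
    for pat in SECRETS:
        trace, n = pat.subn(r'\1<redacted>\2', trace)
        total += n
    return trace, total

def triage(trace):
    """Summarise one rlm_ldap request: what was searched, and why it failed."""
    search = SEARCH.search(trace)
    result = {
        "bind_ok": "rlm_ldap: Bind was successful" in trace,
        "base": search.group(1) if search else None,
        "filter": search.group(2) if search else None,
        "not_found": "rlm_ldap: object not found" in trace,
        "findings": [],
    }
    if result["bind_ok"] and result["not_found"]:
        result["findings"].append("search matched no single entry under the base DN")
        if (result["filter"] or "").lower().startswith("(uid="):
            # Assumption: a default AD schema, where the logon name is in sAMAccountName.
            result["findings"].append("filter keys on uid; AD keeps the logon name in sAMAccountName")
    if redact(trace)[1]:
        result["findings"].append("trace holds cleartext passwords; redact before sharing")
    return result

if __name__ == "__main__":
    print(redact(SAMPLE)[0], triage(SAMPLE), sep="\n")
```

Run against the trace in the post, it reports a successful bind, a uid filter that matched nothing, and three cleartext passwords in the output.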
 
 