Cisco to FreeRadius to AD-LDAP authentication

Alan DeKok aland at ox.org
Tue Jan 10 00:00:57 CET 2006


"Dickson, John" <JDickson2 at mccneb.edu> wrote:
> rlm_ldap: looking for check items in directory...
> rlm_ldap: looking for reply items in directory...

  The user's clear-text password wasn't obtained from the LDAP server.
This is to be expected in AD, as it doesn't supply them.

...
>   rad_check_password:  Found Auth-Type System
> auth: type "System"
>   Processing the authenticate section of radiusd.conf
> modcall: entering group authenticate for request 0
>   modcall[authenticate]: module "unix" returns notfound for request 0
> modcall: group authenticate returns notfound for request 0

  This message should be clear: the user isn't found in /etc/passwd.

> My question is, how do I get an "Accept" from the request and is there a
> way around the basedn naming conventions that will allow FreeRadius to
> work with Windowz?

  The issue here isn't with basedn naming conventions.  It's that you
haven't set up FreeRADIUS to ask AD about authenticating the user.

  If the users log in with clear-text passwords, my suggestion is to
set up rlm_smb, and point it to the domain controller.  That will let
FreeRADIUS use AD for authentication.

  Alan DeKok.
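As an added example, not part of the thread, a small Python triage script that reads radiusd -X output like the lines quoted above and flags the chain Alan describes: no password from LDAP, Auth-Type ending up as System, and the unix module returning notfound because the user is not in /etc/passwd. The first sample is constructed from the quoted lines; the second is invented to show what a request looks like once an authenticate module actually checks the password (the Auth-Type and module names in it are assumed, not taken from the thread).

```python
import re

# Constructed sample: the radiusd -X lines quoted in the thread above.
FAILING_DEBUG = """\
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
  rad_check_password:  Found Auth-Type System
auth: type "System"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 0
  modcall[authenticate]: module "unix" returns notfound for request 0
modcall: group authenticate returns notfound for request 0
"""

# Invented sample (assumed names, not from the thread): an authenticate module succeeding.
WORKING_DEBUG = """\
  rad_check_password:  Found Auth-Type SMB
  modcall[authenticate]: module "smb" returns ok for request 1
modcall: group authenticate returns ok for request 1
"""

AUTH_TYPE_RE = re.compile(r'rad_check_password:\s+Found Auth-Type (\S+)')
MODULE_RE = re.compile(r'modcall\[(\w+)\]: module "(\w+)" returns (\w+) for request (\d+)')


def parse_debug(text):
    """Extract the chosen Auth-Type and every (section, module, rcode, request) tuple."""
    auth_type, calls = None, []
    for line in text.splitlines():
        if (m := AUTH_TYPE_RE.search(line)):
            auth_type = m.group(1)
        elif (m := MODULE_RE.search(line)):
            section, module, rcode, req = m.groups()
            calls.append((section, module, rcode, int(req)))
    return auth_type, calls


def diagnose(text):
    """Classify one request's debug output; the first branch is the thread's failure."""
    auth_type, calls = parse_debug(text)
    auth_calls = [c for c in calls if c[0] == "authenticate"]
    # Nothing in authorize set Auth-Type, so the request ran as Auth-Type System
    # and rlm_unix consulted /etc/passwd instead of AD.
    if auth_type == "System" and ("unix", "notfound") in {(m, rc) for _, m, rc, _ in auth_calls}:
        return "no-backend-auth: Auth-Type fell through to System (/etc/passwd)"
    accepted = [m for _, m, rc, _ in auth_calls if rc == "ok"]
    if accepted:
        return "accepted by " + ", ".join(accepted)
    if not auth_calls:
        return "rejected: no authenticate module ran"
    return "rejected: " + ", ".join(f"{m}={rc}" for _, m, rc, _ in auth_calls)
```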
