Configuring free radius to use Active directory service
Stephen Walsh
S.Walsh at signadou.acu.edu.au
Fri Jan 27 13:08:21 CET 2006
>1. How to configure the freeradius1.0.5 version, to support Active
>directory service for user authentication.
> For ldap .. we have rlm_ldap module to configure it. Same kind of
>configuration is there for ADS also ??
Sumithra;
that part is quite easy. Here's what I've just done;
ldap {
        server = "<serverip>"
        identity = "<full LDAP path to user who will perform initial bind>"
        password = "<their password>"
        basedn = "<highest part of tree to start searching from>"
        filter = "(sAMAccountname=%{Stripped-User-Name:-%{User-Name}})"
        dictionary_mapping = ${raddbdir}/ldap.attrmap
        ldap_connections_number = 5
}

authorize {
        preprocess
        suffix
        auth_log
        ldap
}

authenticate {
        Auth-Type PAP {
                pap
        }
        Auth-Type LDAP {
                ldap
        }
}
If you're wanting to search multiple trees, that's another matter, but
that should get you started.
See my earlier post about problems with W2k3 trees and their behaviour
with searches.
VLANs I'll leave to someone who understands that part of FR better.
Regards
Stephen Walsh
s.walsh at signadou.acu.edu.au
Client Support Officer (Technology)
Australian Catholic University (Limited)
PO Box 256, Dickson ACT 2602
Phone: +61 2 6209 1133
Fax: +61 2 6209 1179
Mobile: +61 419 496796
+++++++++++++++++++++++++++++++++++++++++++++++++
CRICOS Registration: 00004G, 00112C, 00873F, 00885B
ABN 15 050 192 660
+++++++++++++++++++++++++++++++++++++++++++++++++
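
An added example, not part of the original message and not FreeRADIUS code: a Python model of how the filter "(sAMAccountname=%{Stripped-User-Name:-%{User-Name}})" from the post is filled in, with the user name escaped per RFC 4515 so it can only ever match as a literal value. The function names, the simplified model of the suffix step and the realm example.edu are assumptions made for illustration.

```python
# Added illustration (not FreeRADIUS code): models how the filter
# (sAMAccountname=%{Stripped-User-Name:-%{User-Name}}) is filled in.

# RFC 4515 section 3: these characters must be written as \XX hex escapes
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value):
    """Escape a string for use as an assertion value in an LDAP filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def strip_realm(user_name, known_realms):
    """Simplified model of the 'suffix' step (an assumption): return the name
    without '@realm' when the realm is configured, otherwise None (unset)."""
    name, sep, realm = user_name.rpartition("@")
    if sep and name and realm.lower() in known_realms:
        return name
    return None


def build_filter(user_name, known_realms=frozenset()):
    """Expand %{Stripped-User-Name:-%{User-Name}} and build the search filter."""
    stripped = strip_realm(user_name, known_realms)
    # ':-' means: use Stripped-User-Name if it is set, else fall back to User-Name
    chosen = stripped if stripped else user_name
    return "(sAMAccountname=%s)" % escape_filter_value(chosen)


if __name__ == "__main__":
    realms = frozenset({"example.edu"})  # constructed sample realm
    # Constructed sample user names, including one with filter metacharacters
    for name in ("jsmith", "jsmith@example.edu", "jsmith@other.org", "j*(x)"):
        print(name, "->", build_filter(name, realms))
```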