Configuring free radius to use Active directory service

Stephen Walsh S.Walsh at signadou.acu.edu.au
Fri Jan 27 13:08:21 CET 2006


>1.  How to configure the freeradius1.0.5 version, to support Active
>directory service for user authentication.
>     For ldap .. we have rlm_ldap module to configure it. Same kind of
>configuration is there for ADS also ??

Sumithra;

that part is quite easy. Here's what I've just done;

# rlm_ldap module instance (goes in the modules section of radiusd.conf)
ldap {
        server = "<serverip>"
        identity = "<full LDAP path to user who will perform initial bind>"
        password = "<their password>"
        basedn = "<highest part of tree to start searching from>"
        # Match the AD logon name; use the realm-stripped name when it is set
        filter = "(sAMAccountname=%{Stripped-User-Name:-%{User-Name}})"

        dictionary_mapping = ${raddbdir}/ldap.attrmap

        ldap_connections_number = 5
}

authorize {
        preprocess
        suffix
        auth_log
        ldap
}

authenticate {
        Auth-Type PAP {
                pap
        }
        Auth-Type LDAP {
                ldap
        }
}

If you're wanting to search multiple trees, that's another matter, but 
that should get you started.
See my earlier post about problems with W2k3 trees and their behaviour 
with searches.

VLANs I'll leave to someone who understands that part of FR better.

Regards

Stephen Walsh
s.walsh at signadou.acu.edu.au
Client Support Officer (Technology)
Australian Catholic University (Limited)
PO Box 256, Dickson ACT 2602
Phone: +61 2 6209 1133
Fax: +61 2 6209 1179
Mobile: +61 419 496796
+++++++++++++++++++++++++++++++++++++++++++++++++
CRICOS Registration: 00004G, 00112C, 00873F, 00885B 
ABN 15 050 192 660  
+++++++++++++++++++++++++++++++++++++++++++++++++
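
The filter line in the configuration above builds an LDAP search from the name the client sent. The following is an added example, not part of the original post or of FreeRADIUS: it emulates that expansion, escapes the value per RFC 4515, and produces an ldapsearch command for checking the bind identity, basedn and filter outside radiusd. The realm handling is a simplified assumption, and the server, DNs and user names are constructed placeholders.

```python
# Added example: emulates the filter expansion from the post; not FreeRADIUS code.

# RFC 4515 section 3: characters that must be escaped inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value):
    """Escape each character once so the value cannot alter the filter structure."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def expand_user(user_name, known_realms):
    """Emulate %{Stripped-User-Name:-%{User-Name}}.

    Assumption: the 'suffix' module sets Stripped-User-Name only when the part
    after the last '@' is a realm it knows; otherwise the ':-' default falls
    back to the full User-Name.
    """
    local, sep, realm = user_name.rpartition("@")
    if sep and realm.lower() in known_realms:
        return local
    return user_name


def build_filter(user_name, known_realms=()):
    """Return the search filter the ldap block above would use for this user."""
    realms = {r.lower() for r in known_realms}
    value = escape_filter_value(expand_user(user_name, realms))
    return "(sAMAccountname=%s)" % value


def ldapsearch_argv(server, identity, basedn, user_name, known_realms=()):
    """OpenLDAP ldapsearch arguments: simple bind (-x), prompt for password (-W)."""
    return ["ldapsearch", "-x", "-H", "ldap://%s" % server, "-D", identity, "-W",
            "-b", basedn, build_filter(user_name, known_realms), "dn"]


if __name__ == "__main__":
    # Constructed sample values; replace with your own server and DNs.
    realms = ["example.edu"]
    for name in ["alice@example.edu", "alice", "a*)(cn=x"]:
        print(name, "->", build_filter(name, realms))
    print(" ".join(ldapsearch_argv("192.0.2.10",
                                   "cn=radius,cn=Users,dc=example,dc=edu",
                                   "dc=example,dc=edu", "alice@example.edu", realms)))
```

If the printed ldapsearch command returns exactly one DN for a test account, the same identity, basedn and filter should work in the ldap block.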