Freeradius Auth via LDAP against Active Directory Server 2003 [unclas]
Ranner, Frank MR
Frank.Ranner at defence.gov.au
Mon Apr 30 02:49:42 CEST 2007
> -----Original Message-----
> From: freeradius-users-bounces+frank.ranner=defence.gov.au at lists.freeradius.org [mailto:freeradius-users-bounces+frank.ranner=defence.gov.au at lists.freeradius.org] On Behalf Of Jacob Jarick
> Sent: Sunday, 29 April 2007 20:48
> To: FreeRadius users mailing list
> Subject: Re: Freeradius Auth via LDAP against Active Directory Server 2003
>
> OK tried with 1.1.4 and yerp works great.
>
> radiusd -X output: http://pastebin.ca/464153
> radiusd.conf: http://pastebin.ca/464156
>
> I also realised a mistake I have been making, see I want to
> search the whole active directory, hence I kept setting my
> basedn without an ou.
> After seeing your excellent example and auth'ing had failed I
> stuck in an OU and tried a user from the OU and worked fine.
>
> So my question is this: to auth people from multiple OUs, do
> I create a new ldap module for each OU or is there a simpler way?
>
You should be able to set the base DN at the parent node, because the
search is a subtree search. In my setup (openldap, not AD) I also
use the base_filter directive in radiusd.conf to restrict the type of
records to be searched. I use base_filter = "(objectclass=radiusprofile)".
You should use base_filter = "(objectclass=user)". This goes into the
ldap section somewhere near the basedn line.
Regards,
Frank Ranner
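
The subtree behaviour described in the reply above, as an added example that is not part of the original message and is not FreeRADIUS code: it models LDAP subtree scope in Python over a constructed directory, showing that a base DN at the parent reaches users in several OUs while a base DN at one OU does not. The DNs, the entries and the `search` helper are assumptions made for illustration.

```python
# Added illustration: LDAP subtree scope over a constructed directory (no server).

def split_dn(dn):
    """Split a DN into lower-cased RDNs, honouring backslash-escaped commas."""
    rdns, cur, esc = [], "", False
    for ch in dn:
        if esc:
            cur += ch
            esc = False
        elif ch == "\\":
            cur += ch
            esc = True
        elif ch == ",":
            rdns.append(cur.strip().lower())
            cur = ""
        else:
            cur += ch
    rdns.append(cur.strip().lower())
    return rdns

def in_subtree(entry_dn, base_dn):
    """True if entry_dn is base_dn itself or lies anywhere beneath it."""
    entry, base = split_dn(entry_dn), split_dn(base_dn)
    return len(entry) >= len(base) and entry[-len(base):] == base

def search(directory, base_dn, object_class, login):
    """Subtree search: entries under base_dn with this class and login name."""
    return sorted(
        dn for dn, attrs in directory.items()
        if in_subtree(dn, base_dn)
        and object_class.lower() in (c.lower() for c in attrs["objectClass"])
        and attrs.get("sAMAccountName", "").lower() == login.lower()
    )

DIRECTORY = {  # constructed sample entries
    "CN=Alice Ng,OU=Staff,DC=example,DC=local":
        {"objectClass": ["top", "person", "user"], "sAMAccountName": "alice"},
    "CN=Smith\\, Bob,OU=Contractors,DC=example,DC=local":
        {"objectClass": ["top", "person", "user"], "sAMAccountName": "bob"},
    "CN=Printers,OU=Staff,DC=example,DC=local":
        {"objectClass": ["top", "group"], "sAMAccountName": "printers"},
}

ROOT = "DC=example,DC=local"            # parent node covering every OU
STAFF = "OU=Staff,DC=example,DC=local"  # a single OU

if __name__ == "__main__":
    for base in (STAFF, ROOT):
        print(base, "->", search(DIRECTORY, base, "user", "bob"))
```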