Exec and ntlm_auth

freeradius at corwyn.net freeradius at corwyn.net
Mon Nov 30 05:13:11 CET 2009


At 06:24 PM 11/25/2009, Ivan Kalik wrote:
>Configure AD as ldap server in ldap module (.raddb/modules/ldap). 
>Then add to users file:
>
>DEFAULT     Ldap-Group == "max_priv_level" or whatever is your group called
>                      Service-Type = NAS-Prompt-User,
>                      cisco-avpair = "shell:priv-lvl=15"

Closer! First, if I use the account directly:
testuser   Cleartext-Password := "testpass"
            Service-Type = NAS-Prompt-User,
            cisco-avpair = "shell:priv-lvl=15"

I get auth (so the Cisco at least is right, and the base LDAP must 
be OK, because I get an LDAP success).

But when I switch to:
DEFAULT     Ldap-Group == "Infrastructure"
             Service-Type = NAS-Prompt-User,
             cisco-avpair = "shell:priv-lvl=15"

I get in the logs a failure to find the group:

[ldap] performing user authorization for testuser
[ldap]  expand: %{Stripped-User-Name} ->
[ldap]  expand: %{User-Name} -> testuser
[ldap]  expand: (uid=%{%{Stripped-User-Name}:-%{User-Name}}) -> 
(uid=ciscorsteeves)
[ldap]  expand: OU=Enterprise,DC=int,DC=example,DC=com -> 
OU=Enterprise,DC=int,DC=example,DC=com
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in 
OU=Enterprise,DC=int,DC=example,DC=com, with filter (uid=testuser)
rlm_ldap: object not found
^^^^^^^^^^^^^^^^^^^^^^^^^^^^
[ldap] search failed
rlm_ldap: ldap_release_conn: Release Id: 0
++[ldap] returns notfound
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^


My suspicion is something wrong between base_filter and filter. Sigh.
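An added example, not from this thread or the FreeRADIUS distribution: an rlm_ldap fragment (FreeRADIUS 2.x, raddb/modules/ldap) aimed at Active Directory, which Ivan's reply names as the directory. The search in the log above runs with filter (uid=testuser); AD user objects normally carry no uid attribute, they are keyed by sAMAccountName, so "object not found" is the expected answer even when the account exists and the bind works. In 2.x, base_filter is only used when fetching profile entries (default_profile / profile_attr), so it plays no part in the user search shown in the log; filter and basedn are what matter there. The server name, bind DN, password and OU are placeholders; the basedn is taken from the log.

```conf
# Added example (not from the thread): rlm_ldap settings for an AD backend.
# Hostname, bind DN and password are placeholders; basedn is from the log.
ldap {
	server = "dc1.int.example.com"

	# AD rejects anonymous searches, so bind with a read-only service
	# account that can do nothing but read user and group objects.
	identity = "CN=radius-bind,OU=ServiceAccounts,DC=int,DC=example,DC=com"
	password = "BIND-PASSWORD-PLACEHOLDER"

	basedn = "OU=Enterprise,DC=int,DC=example,DC=com"

	# AD keys user objects by sAMAccountName, not uid.  The "(uid=...)"
	# filter seen in the debug log matches nothing on AD.
	filter = "(sAMAccountName=%{%{Stripped-User-Name}:-%{User-Name}})"

	# base_filter is applied to profile lookups (default_profile /
	# profile_attr), not to the user search above; default left in place.
	base_filter = "(objectclass=radiusprofile)"

	# Group membership for the Ldap-Group check in the users file.
	# AD lists a user's groups in memberOf; the group's short name is cn,
	# which is what  Ldap-Group == "Infrastructure"  is compared against.
	groupname_attribute = cn
	groupmembership_filter = "(&(objectClass=group)(member=%{control:Ldap-UserDn}))"
	groupmembership_attribute = memberOf
}
```

Run the server in debug mode (radiusd -X) and re-send the request with radtest; the "performing search ... with filter" line should now show (sAMAccountName=testuser), followed by the memberOf lookup before the DEFAULT entry is evaluated.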