get attributes from multiple AD domains

[John]

Again. Now we can get attributes from AD domains using the Global Catalog port 3268.
 
A new problem: there are 2 same accounts in 2 domains. And we use filter = "(sAMAccountName=%{mschap:User-Name})". Looks ldapsearch return 2 results from AD. And freeRADIUS could not handle this now?  How should I do to handle this issue?
 
John

--- 09年7月27日，周一, Luis Azevedo <labraceta at gmail.com> 写道：


发件人: Luis Azevedo <labraceta at gmail.com>
主题: Re: get attributes from multiple AD domains
收件人: "FreeRadius users mailing list" <freeradius-users at lists.freeradius.org>
日期: 2009年7月27日,周一,下午6:30


Hi, 


You need to contact the AD at the Global Catalog port 3268, otherwise it will return results only for the current AD. Also ensure your AD is a Global Catalog and the Replication connections are working fine. 


Hope it helps, 






Luis Azevedo
http://www.braceta.com




On Jul 27, 2009, at 03:27 , John wrote:






I follow up this link to set up freeRADIUS talk to AD,
http://wiki.freeradius.org/FreeRADIUS_Active_Directory_Integration_HOWTO
 
It can work and can get VLAN attribute from AD through LDAP module (ldap_search). 
But we need to support 2 AD domains. NTLM_auth can work in multiple domains. But we can not get attributes from multiple domains. Anyone can give me some advice?
 
Thanks.
John.


好玩贺卡等你发，邮箱贺卡全新上线！-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

-----下面为附件内容-----


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


      ___________________________________________________________ 
  好玩贺卡等你发，邮箱贺卡全新上线！ 
http://card.mail.cn.yahoo.com/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20100129/e5e25a5d/attachment.html>