AD Authentication Permissions

John Dennis jdennis at
Wed Jan 9 20:22:45 CET 2013

On 01/09/2013 02:00 PM, Tyler Brady wrote:
> Can someone give more details on setting up LDAP groups? So far I have attempted to modify the users file and the ldap module. I can't seem to get the ldap module configured properly, but I'm sure that's just one of many issues.
> ldap {
> 	#
> 	#  Note that this needs to match the name in the LDAP
> 	#  server certificate, if you're using ldaps.
> 	server = "ldap.your.domain"
> 	#identity = "cn=admin,o=My Org,c=UA"
> 	#password = mypass
> 	basedn = "o=My Org,c=UA"
> 	filter = "(uid=%{%{Stripped-User-Name}:-%{User-Name}})"
> 	#base_filter = "(objectclass=radiusprofile)"
> cn = username (is this correct)
> o= domain (is this correct)
> c= ?  (what does this field mean)

identity is the bind dn, it's an ldap concept, refer to ldap literature 
to learn what a bind dn is. The bind dn you should be using is specific 
to your deployment, ask whoever is managing your ldap server what to 
use. Remember this represents a server-to-server binding, not a 
user-to-server binding, in other words the radius server is binding to 
your ldap server to perform lookup's related to users and groups thus 
the identity you bind as will need permission to view that portion of 
the ldap tree.

John Dennis <jdennis at>

Looking to carve out IT costs?

More information about the Freeradius-Users mailing list