AD Authentication Permissions

Tyler Brady tbrady at
Thu Jan 10 19:59:56 CET 2013

On Wed 1/9/2013 4:31 PM, John Dennis wrote:

> I think my bind is working fine now, but my basedn = "o=My Org,c=UA"  field is still wrong. I'm still not sure of the syntax. Any suggestions?

I don't see a basedn of "o=My Org,c=UA" anywhere, however I do see a basedn of "ou=Phoenix_Users,dc=company,dc=stc"

Hint, rlm_ldap is simply doing what the ldapsearch command does. Try using ldapsearch giving it the parameters you expect to be correct, iterate until the search succeeds, then use those same parameters in your radius ldap config.

BTW, your ldap password "Sup3rS3cret" is no longer super secret ;-)

Thank you for the hints. I think I'm almost there...

I'm testing this with a cisco switch. Using the config in the users file shown below, I receive the message "Welcome Message," but not the level 15 privileges. 


DEFAULT =   LDAP-Group == Radius-Users"
                         Reply-Message = "Welcome Message",

                         Cisco-AVPair = "shell:priv-lvl=15"
Do I have to add cisco AVpair to  ldap.attrmap or modify the dictionary file? If so, what is the correct syntax for adding it?

Thanks again for all of the help.

More information about the Freeradius-Users mailing list