Help PLease

Adam Schappell aschappell at clearedgeit.com
Mon Mar 30 19:00:08 CEST 2015


Sorry yes sAMAccountName is radius for user so it seems everything in AD is
correct

Adam Schappell
System Administrator II
Clearedge IT Solutions, LLC
10620 Guilford Road
Jessup, MD 20794
Office:443-212-4712
Fax:443-212-4809
www.ClearEdgeIT.com <http://www.clearedgeit.com/>


On Mon, Mar 30, 2015 at 12:37 PM, Michael Ströder <michael at stroeder.com>
wrote:

> Adam Schappell wrote:
>
>> I can
>> successfully do a ldapsearch and everything pops up successfully.
>>
>
> Did you bind to AD's LDAP server with
> ldapsearch [..] -D <identity> -w <password>
> with the very same values used in FreeRADIUS configuration or for RADIUS
> login?
>
> From one of your former postings it seems that FreeRADIUS is using filter
> (uid=aschappell) to search for your user account.
>
> Is attribute 'uid' actually set in your AD user account? This is rather
> unusal.  By default MS AD stores user name in attribut 'sAMAccountName'.
> So you'd have to change your FreeRADIUS LDAP configuration to use this
> attribute when generating the search filter.
>
> Well, another log of you shows:
>
> ---------------------- snip ----------------------
>   [ldap] bind as cn=Adam L. Schappell,ou=Domain
> Admins,ou=Users,ou=Jessup,ou=ClearEdge,dc=corp,dc=
> clearedge,dc=com/Schappell##113
> to corp.clearedgeit.com:389
>
>   [ldap] waiting for bind result ...
>
>   [ldap] LDAP login failed: check identity, password settings in ldap
> section of radiusd.conf
> ---------------------- snip ----------------------
>
> It seems in this case the user entry was found but LDAP simple bind
> failed. You should check whether AD account got locked during your failing
> attempts.
>
> Ciao, Michael.
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>


More information about the Freeradius-Users mailing list