LDAP group - samaccountname

Alan DeKok aland at deployingradius.com
Tue Feb 4 21:30:57 CET 2020

> On Feb 4, 2020, at 3:27 PM, Olivier Mahieu <o_mahieu at hotmail.com> wrote:
> Its active directory Administrator account. No backslashes.

  Then why are you looking up the full User-Name with backslashes?

  Split the User-Name into realm and "real" user name.  Then look up the real user name.  The server configuration does this pretty much by default.

  All you need to do is define a "AD-OM" realm in proxy.conf:

realm AD-OM {

  And the server will just do the right thing.

> Doing radtest mschap returns correct vlan.

  Because you're just using "Administrator" there.  Please pay attention.

  Alan DeKok.

More information about the Freeradius-Users mailing list