LDAP group - samaccountname
Alan DeKok
aland at deployingradius.com
Tue Feb 4 21:30:57 CET 2020
> On Feb 4, 2020, at 3:27 PM, Olivier Mahieu <o_mahieu at hotmail.com> wrote:
>
> Its active directory Administrator account. No backslashes.
Then why are you looking up the full User-Name with backslashes?
Split the User-Name into realm and "real" user name. Then look up the real user name. The server configuration does this pretty much by default.
All you need to do is define a "AD-OM" realm in proxy.conf:
realm AD-OM {
}
And the server will just do the right thing.
> Doing radtest mschap returns correct vlan.
Because you're just using "Administrator" there. Please pay attention.
Alan DeKok.
More information about the Freeradius-Users
mailing list