Freeradius+AD - Login with EmployeeID

Alan DeKok aland at deployingradius.com
Mon Aug 7 14:37:04 UTC 2023


On Aug 7, 2023, at 10:33 AM, Rodrigo Abrantes Antunes <rodrigoantunes at pelotas.ifsul.edu.br> wrote:
> 
> These are the filters I'm using:
> 
> filter in freeradius (work) = (sAMAccountName=%{mschap_default:User-Name:-%{User-Name}})
> filter in ldapsearch (work) = (sAMAccountName=rodrigoantunes)
> 
> filter in freeradius (don't work) = (employeeID=%{mschap_default:User-Name:-%{User-Name}})
> filter in ldap search (work) = (employeeID=1638828)

  Those aren't the filters that FreeRADIUS is using.  Those are the *input* configuration items to FreeRADIUS, before the filters are expanded.

> The expanded filters in the logs are right, so I don't know why it isn't working;

  Download v3, then read the documentation in mods-available/ldap.

  Follow the instructions for copying the FreeRADIUS configuration items to the ldapsearch parameters.

> The FreeRADIUS version is 2.2.5. I know it is old, we are currently working on a new one, but we need to make this work until the new is ready.

  It's probably less work to upgrade, than to fight an old system.

  It's really not useful for anyone here to debug / fix a version of software which is 10+ years old.  Any issues have been found and fixed many years ago.  We're not going to work through that effort again.

  Alan DeKok.



More information about the Freeradius-Users mailing list