Freeradius+AD - Login with EmployeeID
Rodrigo Abrantes Antunes
rodrigoantunes at pelotas.ifsul.edu.br
Mon Aug 7 16:04:26 UTC 2023
Isn't the expanded filters in the logs the filters that freeradius is using?
I did what you said about the ldapsearch parameters, I can confirm
that everything is in order.
I thought this was a simple configuration that would work in any
version, thanks for let me know it isn't so simple and that it may be
related to the freeradius version.
Thanks for the help.
Citando Alan DeKok <aland at deployingradius.com>:
> On Aug 7, 2023, at 10:33 AM, Rodrigo Abrantes Antunes
> <rodrigoantunes at pelotas.ifsul.edu.br> wrote:
>> These are the filters I'm using:
>>
>> filter in freeradius (work) =
>> (sAMAccountName=%{mschap_default:User-Name:-%{User-Name}})
>> filter in ldapsearch (work) = (sAMAccountName=rodrigoantunes)
>>
>> filter in freeradius (don't work) =
>> (employeeID=%{mschap_default:User-Name:-%{User-Name}})
>> filter in ldap search (work) = (employeeID=1638828)
>
> Those aren't the filters that FreeRADIUS is using. Those are the
> *input* configuration items to FreeRADIUS, before the filters are
> expanded.
>
>> The expanded filters in the logs are right, so I don't know why it
>> isn't working;
>
> Download v3, then read the documentation in mods-available/ldap.
>
> Follow the instructions for copying the FreeRADIUS configuration
> items to the ldapsearch parameters.
>
>> The FreeRADIUS version is 2.2.5. I know it is old, we are currently
>> working on a new one, but we need to make this work until the new
>> is ready.
>
> It's probably less work to upgrade, than to fight an old system.
>
> It's really not useful for anyone here to debug / fix a version of
> software which is 10+ years old. Any issues have been found and
> fixed many years ago. We're not going to work through that effort
> again.
>
> Alan DeKok.
>
> -List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list