Unable to Find Active Directory Group using LDAP Group Lookup module
Alan DeKok
aland at deployingradius.com
Tue Oct 8 15:35:34 UTC 2024
On Oct 8, 2024, at 10:23 AM, Ibrahim Almahfooz <ibrahim.nezar at sevennet.net> wrote:
> We have successfully integrated our FreeRADIUS Version 3.2.6 with active
> directory using ntlm_auth module and also enabled sqlcounter to permit
> users with specific daily limit.
That's good.
> All working well. However, part of the
> requirements is to give a specific time quota to users who are part of a
> specific AD group, which we guess is a common use case.
Yes.
> To achieve this, we also integrated FR with ldap by using FreeRadius-ldap
> package and we populated the ldap configuration file with below:
> ...
> When we run radiusd -X, the ldap part is executed in the authorize section
> however it says "Search returned no results":
That means the LDAP server returned no results.
i.e. the query is wrong, or it is returning no data.
> In our active directory the user "test" is part of the "Office-VPN" group
> and both the user and group are inside "cn=Users,dc=domain,dc=com"
>
> Also when we run the ldapsearch command from within FR machine, we get
> positive results:
> ldapsearch -x -b "cn=Users,dc=domain,dc=com" -D \
>   "cn=test,cn=Users,dc=domain,dc=com" -h 192.168.1.1 -w "xxxxxx" \
>   '(&(cn=Office-VPN))'
The comments in the ldap module suggest to use a different search string for Active Directory. Try that.
My guess is that the LDAP search string is wrong.
Alan DeKok.
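For readers with the same requirement, here is an added example of what an Active-Directory-shaped group lookup looks like in the 3.x ldap module, together with the authorize logic that turns group membership into a per-day quota. It is not Ibrahim's configuration (the thread elides it) and not anything Alan posted; it follows the comments in the stock mods-available/ldap file, which tell you to search users by sAMAccountName rather than uid. The server address, domain and group name are taken from the thread; the bind account "svc-radius", the 7200-second quota and the sqlcounter instance name "dailycounter" are assumptions.

```conf
# mods-available/ldap (fragment). Assumed values: 192.168.1.1 and
# dc=domain,dc=com from the thread, a hypothetical read-only bind account
# "svc-radius", and the AD group "Office-VPN". Example config, not the
# original poster's.
ldap {
	server = '192.168.1.1'
	# Bind as a dedicated least-privilege reader, not as an end user.
	identity = 'cn=svc-radius,cn=Users,dc=domain,dc=com'
	password = 'xxxxxx'
	base_dn = 'dc=domain,dc=com'

	user {
		base_dn = "${..base_dn}"
		# AD has no "uid"; the stock config's comment says to use
		# sAMAccountName for Active Directory. A successful user lookup
		# sets control:Ldap-UserDn, which the group checks below rely on.
		filter = "(sAMAccountName=%{%{Stripped-User-Name}:-%{User-Name}})"
	}

	group {
		base_dn = "${..base_dn}"
		# AD groups are objectClass=group, not the posixGroup default.
		filter = '(objectClass=group)'
		name_attribute = cn
		# Membership is stored on the group as member=<user DN> ...
		membership_filter = "(member=%{control:Ldap-UserDn})"
		# ... and mirrored on the user as memberOf=<group DN>.
		membership_attribute = 'memberOf'
		cacheable_name = 'no'
		cacheable_dn = 'no'
	}
}

# sites-enabled/default, authorize section (fragment). ldap must run before
# the sqlcounter instance so the control attribute is already set when the
# counter compares it.
authorize {
	# ... preprocess, suffix, etc. ...
	ldap
	if (ok || updated) {
		# Compared by group name; the module also accepts the full group DN.
		if (LDAP-Group == "Office-VPN") {
			update control {
				# Assumed quota for this group: 2 hours per day.
				Max-Daily-Session := 7200
			}
		}
	}
	# sqlcounter instance whose check_name is Max-Daily-Session (assumed name).
	dailycounter
	# ... ntlm_auth / mschap handling follows ...
}
```

Before enabling this, check the two filters from the FreeRADIUS host with the same bind account the module will use, so that "Search returned no results" in debug output can be attributed to the filter rather than to the bind: `ldapsearch -x -H ldap://192.168.1.1 -D "cn=svc-radius,cn=Users,dc=domain,dc=com" -w "xxxxxx" -b "dc=domain,dc=com" '(&(objectClass=group)(cn=Office-VPN))' member` should list the user's DN under `member`, and `'(&(sAMAccountName=test)(memberOf=cn=Office-VPN,cn=Users,dc=domain,dc=com))'` should return the user object. A filter that only matches the group object, such as `(cn=Office-VPN)`, proves the group exists but says nothing about who is in it, which is the question the group lookup has to answer.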