I can now connect and query an Active Directory, but I’m not sure what results I am getting back from the LDAP query to Active Directory. The authentication fails.

Is there a way to get the results of the query to print out? Also the passwords and what was different?

Thanks,

Ron.

Wed Mar 12 16:49:25 2003 : Debug: rlm_ldap: looking for check items in directory...
Wed Mar 12 16:49:25 2003 : Debug: rlm_ldap: looking for reply items in directory...
Wed Mar 12 16:49:25 2003 : Debug: rlm_ldap: user ron authorized to use remote access
Wed Mar 12 16:49:25 2003 : Debug: ldap_release_conn: Release Id: 0
Wed Mar 12 16:49:25 2003 : Debug:   modcall[authorize]: module "ldap" returns ok
Wed Mar 12 16:49:25 2003 : Debug: modcall: group authorize returns ok
Wed Mar 12 16:49:25 2003 : Debug:   rad_check_password:  Found Auth-Type Ldap
Wed Mar 12 16:49:25 2003 : Debug: auth: type "LDAP"
Wed Mar 12 16:49:25 2003 : Debug: modcall: entering group authtype
Wed Mar 12 16:49:25 2003 : Debug: rlm_ldap: - authenticate
Wed Mar 12 16:49:25 2003 : Debug: rlm_ldap: login attempt by "ron" with password "mypassword"
Wed Mar 12 16:49:25 2003 : Debug: rlm_ldap: user DN: CN=Restricted,CN=WellKnown Security Principals,CN=Configuration,DC=rovingplanet,DC=com
Wed Mar 12 16:49:25 2003 : Debug: rlm_ldap: (re)connect to 10.0.0.13:389, authentication 1
Wed Mar 12 16:49:25 2003 : Debug: rlm_ldap: bind as CN=Restricted,CN=WellKnown Security Principals,CN=Configuration,DC=rovingplanet,DC=com/mypassword to 10.0.0.13:389
Wed Mar 12 16:49:25 2003 : Debug: rlm_ldap: waiting for bind result ...
request 1 done
Wed Mar 12 16:49:25 2003 : Debug:   modcall[authenticate]: module "ldap" returns reject
Wed Mar 12 16:49:25 2003 : Debug: modcall: group authtype returns reject
Wed Mar 12 16:49:25 2003 : Debug: auth: Failed to validate the user.
Wed Mar 12 16:49:25 2003 : Debug: Delaying request 0 for 1 seconds
Wed Mar 12 16:49:25 2003 : Debug: Finished request 0

-----Original Message-----
From: Ron Wahler
Sent: Tuesday, March 11, 2003 10:01 AM
To: [EMAIL PROTECTED]
Subject: FreeRadius, LDAP to a remote Active Directory Server

Has anyone integrated FreeRadius/LDAP to a Remote Active Directory Server?

I am trying to integrate the two and need some examples of radiusd.conf for the LDAP to Active Directory.

I also tried uid=ron and [EMAIL PROTECTED]

I have no organization, just a list of users under the users directory in Active Directory.

The error that concerns me is

Tue Mar 11 08:40:06 2003 : Error: rlm_ldap: ldap_search() failed: Operations error

Anyone have a radiusd.conf that shows a good example?

Thanks,

Ron

Tue Mar 11 08:40:06 2003 : Debug: ldap_get_conn: Got Id: 0
Tue Mar 11 08:40:06 2003 : Debug: rlm_ldap: attempting LDAP reconnection
Tue Mar 11 08:40:06 2003 : Debug: rlm_ldap: closing existing LDAP connection
Tue Mar 11 08:40:06 2003 : Debug: rlm_ldap: (re)connect to 10.0.0.13:389, authentication 0
Tue Mar 11 08:40:06 2003 : Debug: rlm_ldap: bind as / to 10.0.0.13:389
Tue Mar 11 08:40:06 2003 : Debug: rlm_ldap: waiting for bind result ...
Tue Mar 11 08:40:06 2003 : Debug: rlm_ldap: performing search in dn=roncompany,dn=com, with filter (uid=ron@roncompany.com)
Tue Mar 11 08:40:06 2003 : Error: rlm_ldap: ldap_search() failed: Operations error
Tue Mar 11 08:40:06 2003 : Debug: rlm_ldap: search failed
Tue Mar 11 08:40:06 2003 : Debug: ldap_release_conn: Release Id: 0
Tue Mar 11 08:40:06 2003 : Debug:   modcall[authorize]: module "ldap" returns fail
Tue Mar 11 08:40:06 2003 : Debug: modcall: group authorize returns fail
Tue Mar 11 08:40:06 2003 : Debug: Finished request 16
Tue Mar 11 08:40:06 2003 : Debug: Going to the next request

What is in my radiusd.conf file:

        ldap {
                #server = "ldap.your.domain"
                server = "10.0.0.13"
                #identity = "cn=Administrator"
                #password =
                #basedn = "o=roncompany.com"
                basedn = "dn=roncompany,dn=com"
                filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"

                # set this to 'yes' to use TLS encrypted connections
                # to the LDAP database by using the StartTLS extended
                # operation.
                start_tls = no
                # set this to 'yes' to use TLS encrypted connections to the
                # LDAP database by passing the LDAP_OPT_X_TLS_TRY option to
                # the ldap library.
                tls_mode = no

                # default_profile = "cn=radprofile,ou=dialup,o=My Org,c=UA"
                # profile_attribute = "radiusProfileDn"
                access_attr = "dialupAccess"

                # Mapping of RADIUS dictionary attributes to LDAP
                # directory attributes.
                dictionary_mapping = ${raddbdir}/ldap.attrmap

                # ldap_cache_timeout = 120
                # ldap_cache_size = 0
                ldap_connections_number = 5
                # password_header = "{clear}"
                password_attribute = userPassword
                # groupname_attribute = cn

                # groupmembership_filter ="(|(&(objectClass=GroupOfNames)(member=%{LdapUserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))"
                # groupmembership_attribute = radiusGroupName
                timeout = 4
                timelimit = 3
                net_timeout = 1
                # compare_check_items = yes
                # access_attr_used_for_allow = yes
        }
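
Added example, not part of the original message or of FreeRADIUS: a small Python filter that redacts the password from the two rlm_ldap debug lines seen in the logs above (`login attempt by ... with password ...` and `bind as DN/password to host:port`) before a log is shared, and flags an anonymous bind and binds sent to port 389. The function names, finding labels and `<redacted>` marker are assumptions of this sketch; the sample lines are copied from the logs in this message.

```python
import re

# The two rlm_ldap debug lines in this thread that carry the user's password.
LOGIN_RE = re.compile(r'login attempt by ".*?" with password "(.*)"\s*$')
BIND_RE = re.compile(r'rlm_ldap: bind as (.*?)/(.*) to \S+:(\d+)\s*$')
MARK = "<redacted>"  # assumption: any placeholder will do

def scrub(line):
    """Return (redacted_line, findings) for one radiusd debug line."""
    findings = []
    m = LOGIN_RE.search(line)
    if m:
        findings.append("password-in-log")
        return line[:m.start(1)] + MARK + line[m.end(1):], findings
    m = BIND_RE.search(line)
    if m:
        dn, secret, port = m.groups()
        if not dn and not secret:
            findings.append("anonymous-bind")   # logged as "bind as / to ..."
        if port == "389":
            # Simple bind on 389 is cleartext unless StartTLS is in use.
            findings.append("ldap-port-389")
        if secret:
            findings.append("password-in-log")
            line = line[:m.start(2)] + MARK + line[m.end(2):]
    return line, findings

def scrub_log(text):
    """Redact a whole log; return (redacted_text, sorted unique findings)."""
    out, seen = [], set()
    for line in text.splitlines():
        redacted, found = scrub(line)
        out.append(redacted)
        seen.update(found)
    return "\n".join(out), sorted(seen)

# Sample lines copied from the logs in this message.
SAMPLE = """\
Wed Mar 12 16:49:25 2003 : Debug: rlm_ldap: login attempt by "ron" with password "mypassword"
Wed Mar 12 16:49:25 2003 : Debug: rlm_ldap: bind as CN=Restricted,CN=WellKnown Security Principals,CN=Configuration,DC=rovingplanet,DC=com/mypassword to 10.0.0.13:389
Tue Mar 11 08:40:06 2003 : Debug: rlm_ldap: bind as / to 10.0.0.13:389"""

if __name__ == "__main__":
    text, findings = scrub_log(SAMPLE)
    print(text)
    print(findings)
```

The bind pattern splits the DN from the password at the first `/`, so a DN that itself contains a slash would need a stricter pattern.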
