Hmmm... Perhaps you should double-check just to make sure. Do you have
access to a machine with openldap on it? You could use the ldapsearch
command to attempt a bind to AD.
It would look something like this:
$ ldapsearch -x -h win-dc.win-dom.ctc.edu \
    -D "CN=User\\, Asteroid,OU=System Accounts,OU=CIS,OU=Accounts,DC=WIN-DOM,DC=ctc,DC=edu" \
    -w whateveryourpasswordis \
    -b "OU=Accounts,DC=WIN-DOM,DC=ctc,DC=edu" \
    "(SamAccountName=jdummy)"
-Dusty
On Fri, 28 May 2004, Bill Shaver wrote:
> Thanks for the reply. Yes, it is a goofy name, but I am told it does
> have read access on AD (it is in the 'domain user' group).
>
> From: Dustin Doris <[EMAIL PROTECTED]> on Fri, 28 May 2004 13:16:20 -0400
> >
> > Is "CN=User\\, Asteroid,OU=System Accounts..." a valid user with read
> > access to AD?
> >
> > > It seems that this should not be so hard; I am sure I am making a stupid
> > > mistake somewhere, but I just don't see it.
> > >
> > > I am attempting to set up freeradius 0.9.3 (redhat) to use (initially) one
> > > of several Windows 2003 AD for authentication. I am, however, unable to
> > > get the first one to work. I have attached what I think are the relevant
> > > log and configuration sections. The Windows admin is not seeing any
> > > errors in her logs. On the radius side, it seems that radiusd is not able to
> > > negotiate a connection that the ldap server will accept.
> > >
> > > Any recommendations would be appreciated.
> > > --Bill
> > >
> > >
> > > --- ldap config from radiusd.conf
> > >
> > > ldap {
> > > server = "win-dc.win-dom.ctc.edu"
> > > port = 636
> > > identity = "CN=User\\, Asteroid,OU=System Accounts,OU=CIS,OU=Accounts,DC=WIN-DOM,DC=ctc,DC=edu"
> >
> > ** Is "CN=User\\, Asteroid,OU=System Accounts..." a valid user with read
> > access to AD?
> >
> > > password = "****"
> > > start_tls = yes
> > > basedn = "OU=Accounts,DC=WIN-DOM,DC=ctc,DC=edu"
> > > filter = "(SamAccountName=%u)"
> > > dictionary_mapping = ${raddbdir}/ldap.attrmap
> > > ldap_connections_number = 5
> > > timeout = 4
> > > timelimit = 3
> > > net_timeout = 1
> > > ldap_debug = 0x0028
> > > }
> <<snipped>>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
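The ldap block quoted in this thread sets both port = 636 and start_tls = yes. As an added example (not part of the thread and not FreeRADIUS code), the Python check below parses such a block and flags that combination, since 636 is the LDAPS port where TLS starts with the connection, while StartTLS upgrades a cleartext LDAP session, normally on 389. The function names parse_ldap_block and lint are hypothetical, and the sample is the thread's config re-typed with the wrapped identity line joined.

```python
import re

# Constructed sample: the ldap{} block quoted in the thread (password already masked there).
SAMPLE = r'''
ldap {
    server = "win-dc.win-dom.ctc.edu"
    port = 636
    identity = "CN=User\\, Asteroid,OU=System Accounts,OU=CIS,OU=Accounts,DC=WIN-DOM,DC=ctc,DC=edu"
    password = "****"
    start_tls = yes
    basedn = "OU=Accounts,DC=WIN-DOM,DC=ctc,DC=edu"
    filter = "(SamAccountName=%u)"
}
'''

def parse_ldap_block(text):
    """Return the key = value pairs of the first ldap { ... } block as a dict."""
    m = re.search(r'^\s*ldap\s*\{(.*?)^\s*\}', text, re.S | re.M)
    if not m:
        raise ValueError("no ldap { } block found")
    cfg = {}
    for line in m.group(1).splitlines():
        line = line.strip()
        if not line or line.startswith('#') or '=' not in line:
            continue
        # Split on the first '=' only, so filters like (SamAccountName=%u) survive.
        key, _, val = line.partition('=')
        cfg[key.strip()] = val.strip().strip('"')
    return cfg

def lint(cfg):
    """Return a list of findings about how the bind is protected in transit."""
    findings = []
    port = int(cfg.get('port', 389))
    start_tls = cfg.get('start_tls', 'no').lower() == 'yes'
    if port == 636 and start_tls:
        findings.append("port 636 is LDAPS (TLS from the first byte); StartTLS "
                        "upgrades a cleartext session, normally on 389: pick one")
    elif port != 636 and not start_tls:
        findings.append("bind password and search results cross the network in cleartext")
    return findings

if __name__ == "__main__":
    for finding in lint(parse_ldap_block(SAMPLE)):
        print("WARN:", finding)
```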