Hi all,
Here is my problem; I hope someone is able to help me.
I use freeradius 0.9.3 on Debian. I want to ask our company's AD for authentication. The
AD is built up in the following way:
Ou=users,Ou=(different OUs), dc=my,dc=company,dc=de
If I ask for a user with basedn Ou=unit, dc=my,dc=company,dc=de everything works fine.
Now I have to ask for different users in different OUs, so I use basedn=
dc=company,dc=de. Now I get an error saying:
Error: rlm_ldap: ldap_search() failed: Opperational Error.
I traced it and saw that I got a reference and the ldap module binds to a different
AD server. The problem is that it tries to bind anonymously; I don't know why it doesn't use the
identity I configured.
In the search result there is the answer I needed, too. But how can I use it without
the reference, or how can I tell the module to use the configured identity?
Here is the ldap part of my radiusd.conf:
<<snip>>
ldap {
        server = adserver.my.company.hamburg.de
        identity = "[EMAIL PROTECTED]"
        password = ********
        basedn = "DC=my,DC=company,DC=hamburg,DC=de"
        filter = "(UserPrincipalName=%u)"
        # set this to 'yes' to use TLS encrypted connections
        # to the LDAP database by using the StartTLS extended
        # operation.
        # The StartTLS operation is supposed to be used with normal
        # ldap connections instead of using ldaps (port 689) connections
        start_tls = no
        # Mapping of RADIUS dictionary attributes to LDAP
        # directory attributes.
        dictionary_mapping = ${raddbdir}/ldap.attrmap
        ldap_connections_number = 5
        groupmembership_filter = "(member=%{Ldap-UserDn})"
        timeout = 4
        timelimit = 3
        net_timeout = 1
}
<<snip>>
Is it a bug or a feature ;-)
Regards
Markus Wintruff