Hello Markus!
I'm trying to authorize freeradius users from the
active directory. I've seen your configuration file
but there is a couple of things that I didn't
understand (in fact, I don't know AD very well,
sorry).
At the line about the server, do you mean
server=server.domain ?
After that, must the identity and password be of a
user who can access the AD?
And last, what's the basedn field?
So if you (or someone else, of course) could help
me...
Thank you in advance!
ester
--- [EMAIL PROTECTED] escribi�:
> Hello Hugo,
>
> there is no problem to use FR with AD.
>
> here is an example:
>
> ldap {
> server = your.ad.server.org
> identity = "(some user, you dosnt
> need a special one, i createt one only for asking
> ad. I have choosen the user principal name)"
> password= (the password)
> basedn = "dc=your,dc=company,dc=org"
> # here you have to choose the
> filter, i use the UserPrincipalName but you can
> choose something else to
> filter = "(UserPrincipalName=%u)"
>
> # set this to 'yes' to use TLS
> encrypted connections
> # to the LDAP database by using the
> StartTLS extended
> # operation.
> # The StartTLS operation is supposed
> to be used with normal
> # ldap connections instead of using
> ldaps (port 689) connections
> start_tls = no
>
> # Mapping of RADIUS dictionary
> attributes to LDAP
> # directory attributes.
> dictionary_mapping =
> ${raddbdir}/ldap.attrmap
>
> ldap_connections_number = 5
> #if you want to check if the user is
> in a special group you can use this
> groupmembership_filter =
> "(member=%{Ldap-UserDn})"
> timeout = 4
> timelimit = 3
> net_timeout = 1
> }
> in the authorize and the authentication section you
> have to uncomment the ldap entry.
>
>
> Your usersfile shold look like this:
>
> DEFAULT Ldap-Group == (groupname to check
> for), Auth-Type := LDAP
> Fall-Through = no
>
>
> Good Luck
>
> Markus
>
>
> -----Urspr�ngliche Nachricht-----
> Von: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]
> Im Auftrag von Hugo Sousa
> Gesendet: Donnerstag, 12. August 2004 10:44
> An: [EMAIL PROTECTED]
> Betreff: freeRADIUS and Microsoft Active Directory
>
>
>
> Hi all,
>
> Did any of you guys already configured a freeRADIUS
> with Microsoft Active Directory?
>
> I know that is possibile to configure "FR" with
> LDAP, so, I think that it's also possible to do it
> with AD.
>
> If you could reply me with some example of the
> .conf files to this particular situation, that would
> be just great! :-)
>
> Thanls.
>
> Best regards,
>
> Hugo Sousa
> SysAdmin / NetworkAdmin
> http://www.netsystems.pt <http://www.netsystems.pt>
>
> Portugal
>
>
______________________________________________
Renovamos el Correo Yahoo!: �100 MB GRATIS!
Nuevos servicios, m�s seguridad
http://correo.yahoo.es
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html