Hello all, I am still running into problems with this setup. I have made some progress though.
First off, my setup is: SSL VPN Client -> Cisco VPN Concentrator -> FreeRadius -> Active Directory

I can query Active Directory with the ldapsearch tool:

waggawagga raddb # ldapsearch -h w.x.y.z -x -b 'ou=information technology,ou=datawave users,dc=corp,dc=van,dc=dwave' '(samaccountname=apuye)' -D [EMAIL PROTECTED] -W
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base <ou=information technology,ou=datawave users,dc=corp,dc=van,dc=dwave> with scope sub
# filter: (samaccountname=apuye)
# requesting: ALL
#

# Alhagie Puye, Information Technology, DataWave Users, corp.van.dwave
dn: CN=Alhagie Puye,OU=Information Technology,OU=Datawave Users,DC=corp,DC=van,DC=dwave
memberOf: CN=itops-folder,OU=SHARED FOLDERS,OU=DataWave Users,DC=corp,DC=van,DC=dwave
memberOf: CN=rptpcps,OU=DataWave Users,DC=corp,DC=van,DC=dwave
memberOf: CN=itops,OU=Information Technology,OU=DataWave Users,DC=corp,DC=van,DC=dwave
memberOf: CN=datawave,OU=DataWave Users,DC=corp,DC=van,DC=dwave
accountExpires: 9223372036854775807
badPasswordTime: 127775870835283171
badPwdCount: 0
codePage: 0
cn: Alhagie Puye
countryCode: 0
description: IT Operations
displayName: Alhagie Puye
givenName: Alhagie
homeDirectory: \\server\apuye
homeDrive: H:
instanceType: 4
lastLogoff: 0
lastLogon: 127776922250294313
logonCount: 173
msNPAllowDialin: TRUE
distinguishedName: CN=Alhagie Puye,OU=Information Technology,OU=DataWave Users,DC=corp,DC=van,DC=dwave
objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=corp,DC=van,DC=dwave
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
objectGUID:: oO1UkRu8RkScNIOHmaB/qw==
objectSid:: AQUAAAAAAAUVAAAAzSmuLihcKk12fipaZwkAAA==
primaryGroupID: 513
profilePath: \\\server1\apuye
pwdLastSet: 127771529310887572
name: Alhagie Puye
sAMAccountName: apuye
sAMAccountType: 805306368
sn: Puye
userAccountControl: 512
userParameters:: bTogICAgICAgICAgICAgICAgICAgIGQJICAgICAgICAgICAgICAgICAgICAgICAgUBAaCAFDdHhDZmdQcmVzZW5045S15pSx5oiw44GiGAgBQ3R4Q2ZnRmxhZ3Mx44Cw44Gm46Cy44C5FggBQ3R4Q2FsbGJhY2vjgLDjgLDjgLDjgLASCAFDdHhTaGFkb3fjhLDjgLDjgLDjgLAoCAFDdHhNYXhDb25uZWN0aW9uVGltZeOAsOOAsOOAsOOAsC4IAUN0eE1heERpc2Nvbm5lY3Rpb25UaW1l44Cw44Cw44Cw44CwHAgBQ3R4TWF4SWRsZVRpbWXjgLDjgLDjgLDjgLAiCAFDdHhLZXlib2FyZExheW91dOOAsOOAsOOAsOOAsCoCAUN0eE1pbkVuY3J5cHRpb25MZXZlbOOEsCACAUN0eFdvcmtEaXJlY3RvcnnjgLAgAgFDdHhOV0xvZ29uU2VydmVy44CwGAIBQ3R4V0ZIb21lRGly44CwIgIBQ3R4V0ZIb21lRGlyRHJpdmXjgLAgAgFDdHhXRlByb2ZpbGVQYXRo44CwIgIBQ3R4SW5pdGlhbFByb2dyYW3jgLAiAgFDdHhDYWxsYmFja051bWJlcuOAsA==
userPrincipalName: [EMAIL PROTECTED]
uSNChanged: 7588047
uSNCreated: 5713011
whenChanged: 20051122170851.0Z
whenCreated: 20050902184213.0Z

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1
waggawagga raddb #

When I run:

Server# radtest apuye password localhost 1 testing123

I get:

rad_recv: Access-Request packet from host 127.0.0.1:49732, id=181, length=57
User-Name = "apuye"
User-Password = "password"
NAS-IP-Address = 255.255.255.255
NAS-Port = 1
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
modcall[authorize]: module "preprocess" returns ok for request 0
modcall[authorize]: module "chap" returns noop for request 0
modcall[authorize]: module "mschap" returns noop for request 0
rlm_realm: No '@' in User-Name = "apuye", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 0
rlm_eap: No EAP-Message, not doing EAP
modcall[authorize]: module "eap" returns noop for request 0
rlm_ldap: - authorize
rlm_ldap: performing user authorization for apuye
radius_xlat: '(sAMAccountName=apuye)'
radius_xlat: 'ou=Information Technology,ou=DataWave Users,dc=corp,dc=van,dc=dwave'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to huckster.corp.van.dwave:389, authentication 0
rlm_ldap: bind as cn=apuye,ou=Information Technology,ou=DataWave Users,DC=corp,DC=van,DC=dwave/ to w2kserver.corp.van.dwave:389
rlm_ldap: waiting for bind result ...
rlm_ldap: Bind was successful
rlm_ldap: performing search in ou=Information Technology,ou=DataWave Users,dc=corp,dc=van,dc=dwave, with filter (sAMAccountName=apuye)
rlm_ldap: object not found or got ambiguous search result
rlm_ldap: search failed
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns notfound for request 0
modcall: group authorize returns ok for request 0
auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
auth: Failed to validate the user.
Delaying request 0 for 1 seconds
Finished request 0

My radiusd.conf file looks like this:

ldap {
        server = "w2kserver.corp.van.dwave"
        # identity = "cn=admin,o=My Org,c=UA"
        identity = "cn=apuye,ou=Information Technology,ou=DataWave Users,DC=corp,DC=van,DC=dwave"
        # password = mypass
        password_attribute = "password"
        #basedn= "DC=corp,DC=van,DC=dwave"
        basedn = "ou=Information Technology,ou=DataWave Users,dc=corp,dc=van,dc=dwave"
        #filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
        filter = "(sAMAccountName=%{Stripped-User-Name:-%{User-Name}})"
        #filter = "(SamAccountName=%U)"
        # base_filter = "(objectclass=radiusprofile)"

Any help is greatly appreciated. Does anyone want to share a working ldap section to Active Directory?

Thanks in advance

Alhagie Puye - Network Engineer
Datawave Group of Companies
(604)295-1817
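An added troubleshooting aid, not part of this post and not FreeRADIUS code: a small Python script that parses the ldap {} block, the rlm_ldap debug lines and the DN that ldapsearch returned (all three embedded below as constructed samples built from the values shown in the post) and lists the mismatches a reviewer would check first. It assumes the FreeRADIUS 1.x-style rlm_ldap debug wording seen above; the finding texts are the script's own. The one general fact it relies on is from RFC 4513 section 5.1.2: a simple bind with a DN and an empty password is an unauthenticated bind, which Active Directory answers as anonymous, so "Bind was successful" on its own does not prove the identity was verified. Any service that treats such a bind result as authentication is open to a password-less login, which is why the script flags a missing bind password before anything else.

```python
"""Cross-check an rlm_ldap debug transcript against the ldap {} block and the
DN the directory actually holds for the account. Added example; the sample
inputs are constructed from the values in the post above."""
import re

# --- constructed sample inputs (values taken from the post) ----------------
RADIUSD_LDAP_CONF = '''
ldap {
        server = "w2kserver.corp.van.dwave"
        identity = "cn=apuye,ou=Information Technology,ou=DataWave Users,DC=corp,DC=van,DC=dwave"
        # password = mypass
        password_attribute = "password"
        basedn = "ou=Information Technology,ou=DataWave Users,dc=corp,dc=van,dc=dwave"
        filter = "(sAMAccountName=%{Stripped-User-Name:-%{User-Name}})"
}
'''

RLM_LDAP_DEBUG = '''
rlm_ldap: bind as cn=apuye,ou=Information Technology,ou=DataWave Users,DC=corp,DC=van,DC=dwave/ to w2kserver.corp.van.dwave:389
rlm_ldap: waiting for bind result ...
rlm_ldap: Bind was successful
rlm_ldap: performing search in ou=Information Technology,ou=DataWave Users,dc=corp,dc=van,dc=dwave, with filter (sAMAccountName=apuye)
rlm_ldap: object not found or got ambiguous search result
rlm_ldap: search failed
modcall[authorize]: module "ldap" returns notfound for request 0
'''

# The dn: line ldapsearch printed for sAMAccountName=apuye.
LDAPSEARCH_DN = "CN=Alhagie Puye,OU=Information Technology,OU=Datawave Users,DC=corp,DC=van,DC=dwave"


def normalize_dn(dn):
    """Case-fold and strip whitespace around RDN separators so DNs that differ
    only in case or spacing compare equal (enough for unescaped sample DNs)."""
    return ",".join(part.strip().lower() for part in dn.split(","))


def parse_ldap_conf(text):
    """Return the uncommented key = "value" settings of an ldap {} block."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # commented-out settings are not in effect
        m = re.match(r'(\w+)\s*=\s*"?([^"]*)"?\s*$', line)
        if m:
            settings[m.group(1)] = m.group(2)
    return settings


def parse_rlm_ldap(text):
    """Extract bind DN, bind outcome, search base/filter and search outcome."""
    info = {"bind_dn": None, "bind_ok": False, "search_base": None,
            "search_filter": None, "search_found": None}
    for line in text.splitlines():
        m = re.search(r"rlm_ldap: bind as (.*?)/? to \S+", line)
        if m:
            info["bind_dn"] = m.group(1)          # trailing "/" dropped
        if "Bind was successful" in line:
            info["bind_ok"] = True
        m = re.search(r"performing search in (.*), with filter (\(.*\))", line)
        if m:
            info["search_base"], info["search_filter"] = m.group(1), m.group(2)
        if "object not found or got ambiguous search result" in line:
            info["search_found"] = False
        if 'module "ldap" returns ok' in line:
            info["search_found"] = True
    return info


def diagnose(conf, debug, directory_dn):
    """List the checks that fail, most security-relevant first."""
    findings = []
    if conf.get("identity") and "password" not in conf:
        findings.append(
            "identity is set but password is not: the simple bind carries an "
            "empty password, which is an unauthenticated bind (RFC 4513 s5.1.2); "
            "Active Directory treats it as anonymous, so 'Bind was successful' "
            "does not mean the identity was verified.")
    if debug["bind_dn"] and normalize_dn(debug["bind_dn"]) != normalize_dn(directory_dn):
        findings.append(
            f"bind DN {debug['bind_dn']!r} is not the DN the directory holds for "
            f"this account ({directory_dn!r}); cn=<sAMAccountName> is not this "
            f"object's RDN.")
    if debug["search_base"] and not normalize_dn(directory_dn).endswith(
            normalize_dn(debug["search_base"])):
        findings.append(
            f"basedn {debug['search_base']!r} does not contain the account's DN.")
    if debug["bind_ok"] and debug["search_found"] is False:
        findings.append(
            f"bind succeeded but the search in {debug['search_base']!r} with "
            f"filter {debug['search_filter']!r} returned nothing: confirm the "
            f"bound identity can read that subtree.")
    return findings


if __name__ == "__main__":
    for n, f in enumerate(diagnose(parse_ldap_conf(RADIUSD_LDAP_CONF),
                                   parse_rlm_ldap(RLM_LDAP_DEBUG),
                                   LDAPSEARCH_DN), 1):
        print(f"{n}. {f}")
```

Run against the embedded samples the basedn check passes (the ldapsearch DN sits under the configured base once case is folded) while the three other checks report; replacing the three constants with your own ldap {} block, a `radiusd -X` transcript and a `dn:` line from ldapsearch gives the same ordered list for another deployment.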