Hi all,

I need help with a simple configuration to authenticate Windows Active Directory users via FreeRADIUS. I have a domain controller, a Cisco VPDN router, and a FreeRADIUS UNIX environment (FreeBSD).

Active Directory group: VPDN; the user names have "allow dial-in" set on the user option.

radiusd.conf ldap configuration:

ldap {
    server = "ad.xxx.yyy"
    identity = "CN=radiusd,OU=External_Object,DC=xxxl,DC=yyy"
    password = radiusd111
    basedn = "OU=VPDN_USERS,OU=External_Object,DC=xxx,DC=yyy"
    filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
    base_filter = "(objectclass=radiusprofile)"
}

When I try to connect via an L2TP dialer I get the error "auth: Failed to validate the user":

modcall: leaving group authorize (returns ok) for request 0
rad_check_password: Found Auth-Type LDAP
auth: type "LDAP"
Processing the authenticate section of radiusd.conf
modcall: entering group LDAP for request 0
rlm_ldap: - authenticate
rlm_ldap: login attempt by "vpdn1" with password "xxxx"
radius_xlat: '(uid=vpdn1)'
radius_xlat: 'OU=VPDN_USERS,OU=External_Object,DC=xxxl,DC=yyy'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to ad.xxx.yyy:389, authentication 0
rlm_ldap: bind as CN=radiusd,OU=External_Object,DC=xxx,DC=yyy/radiusd111 to ad.xxx.yyy:389
rlm_ldap: waiting for bind result ...
rlm_ldap: Bind was successful
rlm_ldap: performing search in OU=VPDN_USERS,OU=External_Object,DC=xxx,DC=yyy, with filter (uid=vpdn1)
rlm_ldap: object not found or got ambiguous search result
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authenticate]: module "ldap" returns notfound for request 0
modcall: leaving group LDAP (returns notfound) for request 0
auth: Failed to validate the user.
Login incorrect (rlm_ldap: User not found): [vpdn1/xxxx (from client wan-gw1 port 25)
Delaying request 0 for 1 seconds
Finished request 0
Going to the next request
Thread 1 waiting to be assigned a request
rad_recv: Access-Request packet from host 194.90.143.73:1645, id=20, length=102
Sending Access-Reject of id 20 to 194.90.143.73 port 1645
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 20 with timestamp 44e4c472
Nothing to do. Sleeping until we see a request.

Thank you
Mohammad
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
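
The debug trace in the post above prints both the LDAP bind password and the user's password, and it shows the bind succeeding before the search fails. As an added example (not part of the original post or of FreeRADIUS), the script below masks those secrets before a log is shared and reports which rlm_ldap stage failed; the function names `redact` and `diagnose` are hypothetical, and the sample lines are rejoined from the post.

```python
import re

# Constructed sample: debug lines from the post above, rejoined one per line.
SAMPLE = '''\
rlm_ldap: login attempt by "vpdn1" with password "xxxx"
rlm_ldap: bind as CN=radiusd,OU=External_Object,DC=xxx,DC=yyy/radiusd111 to ad.xxx.yyy:389
rlm_ldap: Bind was successful
rlm_ldap: performing search in OU=VPDN_USERS,OU=External_Object,DC=xxx,DC=yyy, with filter (uid=vpdn1)
rlm_ldap: object not found or got ambiguous search result
Login incorrect (rlm_ldap: User not found): [vpdn1/xxxx (from client wan-gw1 port 25)
'''

# Each pattern keeps groups 1 and 3 and masks the secret between them.
# Assumption: passwords contain no spaces, quotes or brackets.
_SECRETS = [
    re.compile(r'(rlm_ldap: bind as .+/)(\S+)( to \S+)'),
    re.compile(r'(login attempt by "[^"]*" with password ")([^"]*)(")'),
    re.compile(r'(Login incorrect[^\[]*\[[^/\]]+/)(\S+?)(\]? \(from client)'),
]
_SEARCH = re.compile(r'performing search in (.+), with filter (.+)$', re.M)


def redact(log: str) -> str:
    """Mask bind and user passwords so the log can be shared."""
    for pat in _SECRETS:
        log = pat.sub(r'\1<redacted>\3', log)
    return log


def diagnose(log: str) -> dict:
    """Report which rlm_ldap stage failed and the search it ran."""
    out = {"bind_ok": "Bind was successful" in log, "base": None,
           "filter": None, "failed_stage": None}
    m = _SEARCH.search(log)
    if m:
        out["base"], out["filter"] = m.group(1), m.group(2)
    if not out["bind_ok"]:
        out["failed_stage"] = "bind"
    elif "object not found or got ambiguous search result" in log:
        out["failed_stage"] = "search"
    return out


if __name__ == "__main__":
    print(redact(SAMPLE))
    print(diagnose(SAMPLE))
```

On this trace the failing stage is the search, not the bind: the service account credentials work, and the base plus the `(uid=vpdn1)` filter matched nothing. Active Directory keeps the logon name in `sAMAccountName`, so a `uid` search returns no entry unless `uid` is populated on the accounts.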

