radiusd -X -f: http://pastebin.ca/458790
I have configured the ldap module according to the rlm_ldap wiki
(minus TLS, just trying one thing at a time). I have supplied:
identity = "cn=admin,o=tfxschool,c=AU"
password = pass
As I have been told anonymous binding is not the way to go for
From reading the error log it seems to me that freeradius does
successfully connect to the ADS server via ldap but fails to find the
output in question:
rlm_ldap: - authorize
rlm_ldap: performing user authorization for jacob
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to tfxschoolfs01.tfxschool.internal:389, authentication 0
rlm_ldap: bind as /pass to tfxschoolfs01.tfxschool.internal:389
rlm_ldap: waiting for bind result ...
request done: ld 0x8697ed0 msgid 1
rlm_ldap: Bind was successful
rlm_ldap: performing search in o=tfxschool,c=AU, with filter (uid=jacob)
request done: ld 0x8697ed0 msgid 2
rlm_ldap: ldap_search() failed: Operations error
rlm_ldap: search failed
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns fail for request 0
modcall: leaving group authorize (returns fail) for request 0
Finished request 0
The user Jacob auths fine via the ntlm_auth module but fails with my
current ldap setup.
Does the user admin need special privileges on the Windows 2003 ADS to
search / retrieve user information (e.g. password, group etc.)?
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
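
Added example, not part of the original post and not FreeRADIUS code: a small Python check for `radiusd -X` output that redacts the bind password before the log is shared and flags a bind whose identity field is empty, as in the `bind as /pass` line above. It assumes the debug line reads `bind as <identity>/<password> to <host>:<port>`, inferred from that log; `triage`, the sample host and the sample credentials are made up for illustration.

```python
import re

# Assumed layout of the rlm_ldap debug line, inferred from the log in the post:
#   rlm_ldap: bind as <identity>/<password> to <host>:<port>
# Limitation: the identity is taken up to the first "/", so a DN containing "/"
# would be split in the wrong place.
BIND_RE = re.compile(
    r"^rlm_ldap: bind as (?P<dn>.*?)/(?P<pw>.*) to (?P<host>[^\s:]+):(?P<port>\d+)$"
)
SEARCH_FAIL_RE = re.compile(r"^rlm_ldap: ldap_search\(\) failed: (?P<err>.+)$")


def triage(lines):
    """Return (redacted_lines, findings) for radiusd -X debug output."""
    redacted, findings = [], []
    last_bind_dn = None  # identity used by the most recent bind seen
    for n, line in enumerate(lines, 1):
        line = line.rstrip("\n")
        m = BIND_RE.match(line)
        if m:
            last_bind_dn = m.group("dn")
            if not last_bind_dn:
                findings.append((n, "bind sent with an empty identity (DN)"))
            if m.group("pw"):
                findings.append((n, "bind password printed in clear text"))
            line = "rlm_ldap: bind as {}/{} to {}:{}".format(
                last_bind_dn, "<redacted>" if m.group("pw") else "",
                m.group("host"), m.group("port"))
        f = SEARCH_FAIL_RE.match(line)
        if f and last_bind_dn == "":
            findings.append(
                (n, "search failed (%s) after an empty-identity bind" % f.group("err")))
        redacted.append(line)
    return redacted, findings


# Constructed sample in the same format as the log above (placeholder host and secrets).
SAMPLE = """\
rlm_ldap: bind as /s3cret to dc.example.internal:389
rlm_ldap: Bind was successful
rlm_ldap: performing search in o=example,c=AU, with filter (uid=alice)
rlm_ldap: ldap_search() failed: Operations error
rlm_ldap: bind as cn=admin,o=example,c=AU/s3cret to dc.example.internal:389
""".splitlines()

if __name__ == "__main__":
    out, notes = triage(SAMPLE)
    print("\n".join(out))
    for lineno, msg in notes:
        print("line %d: %s" % (lineno, msg))
```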