> -----Original Message-----
> From: 
eradius.org [mailto:freeradius-users->
> Behalf Of Jacob Jarick
> Sent: Sunday, 29 April 2007 20:48
> To: FreeRadius users mailing list
> Subject: Re: Freeradius Auth via LDAP against Active 
> Directory Server 2003
> OK tried with 1.1.4 and yerp works great.
> radiusd -X output: http://pastebin.ca/464153
> radiusd.conf: http://pastebin.ca/464156
> I also realised a mistake I have been making, see I want to 
> search the whole active directory, hence I kept setting my 
> basedn without an ou.
> After seeing your excellent example and auth'ing had failed I 
> stuck in an OU and tried a user from the OU and worked fine.
> So my questions is this, to auth people from multiple OU's do 
> I create a new ldap module for each OU or is their a simpler way.

You should be able to set the base DN at the parent node, because the 
search is a subtree search. In my setup (openldap, not AD) I also 
use the base_filter directive in radiusd.conf to restrict the type of 
records to be searched. I use base_filter =
You should use base_filter = "(objectclass=user)" This goes into the
Section somewhere near the basedn line.

Frank Ranner

List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Reply via email to