Thanks Frank,

Regarding searching base dn from parent node (correct term I hope), I did try on the weekend but to no success, but retrying today worked fine :) (quite possibly me doing more than one change at a time again).

I also added the filter as per your suggestion. I appreciate the feedback as this has made things a lot easier.

On 4/30/07, Ranner, Frank MR <[EMAIL PROTECTED]> wrote:
> > -----Original Message-----
> > From: [EMAIL PROTECTED] eradius.org [mailto:freeradius-users-[EMAIL PROTECTED] On Behalf Of Jacob Jarick
> > Sent: Sunday, 29 April 2007 20:48
> > To: FreeRadius users mailing list
> > Subject: Re: Freeradius Auth via LDAP against Active Directory Server 2003
> >
> > OK tried with 1.1.4 and yerp works great.
> >
> > radiusd -X output: http://pastebin.ca/464153
> > radiusd.conf: http://pastebin.ca/464156
> >
> > I also realised a mistake I have been making, see I want to search the whole active directory, hence I kept setting my basedn without an ou.
> > After seeing your excellent example and auth'ing had failed I stuck in an OU and tried a user from the OU and worked fine.
> >
> > So my question is this, to auth people from multiple OUs do I create a new ldap module for each OU or is there a simpler way.
>
> You should be able to set the base DN at the parent node, because the search is a subtree search. In my setup (openldap, not AD) I also use the base_filter directive in radiusd.conf to restrict the type of records to be searched. I use base_filter = "(objectclass=radiusprofile)"
> You should use base_filter = "(objectclass=user)" This goes into the ldap section somewhere near the basedn line.
>
> Regards,
> Frank Ranner

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
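
The base DN and base_filter advice from the thread, laid out as an ldap module block for radiusd.conf. This is an added example, not the configuration behind the pastebin links or either poster's own file; the server name, bind account, password and DNs are constructed placeholders, and the sAMAccountName lookup filter is an assumption about how users log in against Active Directory.

```conf
# Goes inside the modules { } section of radiusd.conf.
ldap {
    # Constructed placeholders: point these at your own domain controller
    # and a read-only service account used only for directory lookups.
    server   = "dc1.example.com"
    identity = "cn=radius-bind,ou=Service Accounts,dc=example,dc=com"
    password = "CHANGE_ME"

    # Before: base DN pinned to a single OU. Users that live in any
    # other OU are never found, so their authentication fails.
    # basedn = "ou=Staff,dc=example,dc=com"

    # After: base DN set at the parent node. The search is a subtree
    # search, so one ldap module instance covers every OU below it and
    # no per-OU module is needed.
    basedn = "dc=example,dc=com"

    # Per-user lookup filter (assumption: the RADIUS user name is the
    # account's sAMAccountName in Active Directory).
    filter = "(sAMAccountName=%{Stripped-User-Name:-%{User-Name}})"

    # Record-type restriction suggested in the thread for AD; placed
    # near the basedn line as described there.
    base_filter = "(objectclass=user)"
}
```

Running `radiusd -X`, as in the thread, shows the search base and filter actually used for each request, which confirms that users from more than one OU resolve under the parent base DN.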