Stewart James wrote:
> I have been roped in to look over an issue we have with migrating from
> Novell to AD.

Repeat after me: AD is not an LDAP server. It's not. It fakes it pretty well, but it's not.

> As I stated earlier authentication fall through works like a treat (if
> in the users file I don’t specify an LDAP-Group authentication works).
> If I only specify 1 ldap server to do authentication and authorisation,
> everything works, it's only when I try to do authorisation via LDAP-Group
> AND try to do authorisation fall through as documentation above do I
> start getting errors.

If you are trying to use LDAP to obtain the "known good" password from AD, it's impossible.

> rlm_ldap: performing search in dc=ad,dc=vu,dc=edu,dc=au, with filter
> (samaccountname=USERNAME) ..
> rlm_ldap: looking for check items in directory...
>
> rlm_ldap: looking for reply items in directory...

Nothing. i.e. The user was found, but *nothing* more than that was found.

> auth: No authenticate method (Auth-Type) configuration found for the
> request: Rejecting the user

The server doesn't know how to authenticate the user, so the user is rejected.

Please explain a little more what you're trying to do, and what you expect to see where. Right now, you're trying to debug a solution. Instead, focus on the problem, and the solution may be simple (or impossible).

Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

