> Subject: RE: Ldap search and AD operations error > > Leighton, > > Try using ldapsearch in verbose mode (and debug mode) to get > more info from AD. > > ldapsearch -v -h <AD Server> -D "cn=<account to bind> dc=ad, > dc=hud, dc=ac, dc=uk" -w <password> -x -b "dc=ad, dc=hud, > dc=ac, dc=uk" > "(sAMAccountName=mytestusername)" > > >From a Windows machine, you can also use tools from joeware.com, try > >adfind > (http://www.joeware.net/freetools/tools/adfind/index.htm). > > Once you are able to successfully query AD from a Windows > machine and/or ldapsearch, update your FR configuration and try again. > > Tim >
Many thanks for the reply Tim and apologies for the long delay before trying this. Ldapsearch from the command line as you suggest above works fine yet the debug from FR shows this: rlm_ldap: waiting for bind result ... rlm_ldap: Bind was successful rlm_ldap: performing search in dc=ad, dc=hud, dc=ac, dc=uk, with filter (sAMAccountName=mytestusername) rlm_ldap: ldap_search() failed: Operations error rlm_ldap::ldap_groupcmp: search failed rlm_ldap: ldap_release_conn: Release Id: 0 The basedn and filter are identical on the command line and in the config. If I specify an AD container in the config, the search succeeds (providing it's the right container, of course ) Any more ideas - I'm really stuck on this one! Leighton --- This transmission is confidential and may be legally privileged. If you receive it in error, please notify us immediately by e-mail and remove it from your system. If the content of this e-mail does not relate to the business of the University of Huddersfield, then we do not endorse it and will accept no liability. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
