Hi,
but not any other settins, only file ldap.
ldap {
server = "192.168.0.4"
identity = "CN=freeradius,OU=noc,OU=batlab,DC=batlab,DC=corp"
password = XXXXX
basedn = "dc=batlab,dc=corp"
filter = "(&(objectClass=user)(sAMAccountName=%{User-Name}))"
base_filter = "(objectClass=user)"
ldap_connections_number = 5
timeout = 4
timelimit = 3
net_timeout = 1
tls {
start_tls = no
}
dictionary_mapping = ${confdir}/ldap.attrmap
edir_account_policy_check = no
}
What other file setting user for directory?
Regards.
Em 06/13/13 03:37, Iliya Peregoudov escreveu:
On 12.06.2013 4:19, ricardobarbosams wrote:
No my filter is
filter = "(&(objectClass=user)(sAMAccountName=%{User-Name}))"
I do not talk about filter, I do talk about binding to the directory.
Your ldapsearch binds to the directory using one user and your radiusd
binds to directory as another user. These users can have different
authorization levels in the directory server. Directory may allow to
retrieve objects to [email protected] user but disallow it to
CN=freeradius,OU=noc,OU=batlab,DC=batlab,DC=corp user.
Configure radiusd to use the [email protected] user to bind to the
directory and you'll get same results as with ldapsearch.
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
