Hello Hugh,

It does not work (I get an Access-Reject).

You will find hereafter DEBUG information for several configurations:

With the "BindString LDAP://myserver/SAMAccountName=%0,OU=Marketing,OU=Employee,DC=staff,DC=mycompany,DC=com ..." parameter:

============DEBUG==============
Thu Aug 28 10:38:08 2003: DEBUG: BindString converted to LDAP://myserver/SAMAccountName=geoffrey,OU=Marketing,OU=Employee,DC=staff,DC=mycompany,DC=com
Thu Aug 28 10:38:08 2003: DEBUG: AuthUser converted to geoffrey
Thu Aug 28 10:38:08 2003: DEBUG: Connecting to namespace: LDAP:
Thu Aug 28 10:38:09 2003: DEBUG: Running OpenDSObject on LDAP://myserver/SAMAccountName=geoffrey,OU=Marketing,OU=Employee,DC=staff,DC=mycompany,DC=com
Win32::OLE(0.1601) error 0x8007052e: "Logon failure: unknown user name or bad password" in METHOD/PROPERTYGET "OpenDSObject" at C:/Perl/site/lib/Radius/AuthADSI.pm line 133
Thu Aug 28 10:38:09 2003: DEBUG: Could not get user object: Win32::OLE(0.1601) error 0x8007052e: "Logon failure: unknown user name or bad password" in METHOD/PROPERTYGET "OpenDSObject"
Thu Aug 28 10:38:09 2003: INFO: Access rejected for geoffrey: Could not find user
============/DEBUG=============

With:

SearchAttribute SAMAccountName
BindString LDAP://myserver/DC=staff,DC=mycompany,DC=com
AuthUser %0
AuthFlags 0

============DEBUG==============
Thu Aug 28 10:47:43 2003: DEBUG: Handling with ASDI
Thu Aug 28 10:47:43 2003: DEBUG: BindString converted to LDAP://myserver/DC=staff,DC=mycompany,DC=com
Thu Aug 28 10:47:43 2003: DEBUG: AuthUser converted to geoffrey
Thu Aug 28 10:47:43 2003: DEBUG: Starting ADODB search for SAMAccountName = geoffrey
OLE exception from "ADODB.Command": Object or provider is not capable of performing requested operation.
Win32::OLE(0.1601) error 0x800a0cb3in METHOD/PROPERTYGET "" at C:/Perl/site/lib/Radius/AuthADSI.pm line 372
Thu Aug 28 10:47:44 2003: DEBUG: User found at LDAP://CN=DUFOUR Geoffrey, OU=Marketing,OU=Employee,DC=staff,DC=mycompany,DC=com
Thu Aug 28 10:47:44 2003: DEBUG: Connecting to namespace: LDAP:
Thu Aug 28 10:47:44 2003: DEBUG: Running OpenDSObject on LDAP://CN=DUFOUR Geoffrey,OU=Marketing,OU=Employee,DC=staff,DC=mycompany,DC=com
Win32::OLE(0.1601) error 0x8007052e: "Logon failure: unknown user name or bad password" in METHOD/PROPERTYGET "OpenDSObject" at C:/Perl/site/lib/Radius/AuthADSI.pm line 133
Thu Aug 28 10:47:44 2003: DEBUG: Could not get user object: Win32::OLE(0.1601) error 0x8007052e: "Logon failure: unknown user name or bad password" in METHOD/PROPERTYGET "OpenDSObject"
Thu Aug 28 10:47:44 2003: INFO: Access rejected for geoffrey: Could not find user
============/DEBUG==============

Any ideas?

Btw, I can't find any information related to the SearchAttribute parameter in the reference manual. Does that mean that some additional documents are available?

Thanks for your help.

Regards.

Geoffrey

-----Original Message-----
From: Hugh Irvine [mailto:[EMAIL PROTECTED]
Sent: Thursday, 28 August 2003 5:26
To: DUFOUR Geoffrey
Cc: [EMAIL PROTECTED]
Subject: Re: (RADIATOR) AuthBy ADSI configuration

Hello Geoffrey -

To do what you describe you should change "CN=%0" to "samaccountname=%0".

I am not quite sure what your requirements are for VPDN users - can you clarify?

For a detailed description of the AuthBy ADSI clause please see section 6.40 in the Radiator 3.6 reference manual ("doc/ref.html").

regards

Hugh

On Wednesday, Aug 27, 2003, at 23:44 Australia/Melbourne, DUFOUR Geoffrey wrote:

> Hello,
>
> I would like to authenticate users using <AuthBy ADSI>. It works fine
> with the following configuration:
>
> BindString LDAP://myserver/CN=%0,OU=Marketing,OU=Employee,DC=staff,DC=mycompany,DC=com
> AuthUser %0
> AuthFlags 0
>
> This configuration sample shows that the username is bound to the CN
> (common name). I need the username to be bound to the attribute
> samaccountname.
>
> In fact I need to allow VPDN users to use the same parameters (username
> and password) both to log on the domain and for VPDN access.
>
> How can I handle this?
>
> I am quite new to AD, could you please clarify the difference between
> BindString parameter and AuthUser parameter.
>
> Regards.
>
> Geoffrey
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on [EMAIL PROTECTED]
> To unsubscribe, email '[EMAIL PROTECTED]' with
> 'unsubscribe radiator' in the body of the message.
>

NB: have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?

--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
