Thanks Frank,
Regarding searching base dn from parent node (correct term I hope) I
did try on the weekend but to no success but retrying today worked
fine :) (quite possibly me doing more than one change at a time
again).
I also added the filter as per your suggestion.
I appreciate the feedback as this has made things a lot easier.
On 4/30/07, Ranner, Frank MR [EMAIL PROTECTED] wrote:
-----Original Message-----
From: [EMAIL PROTECTED] eradius.org [mailto:freeradius-users-[EMAIL PROTECTED] On Behalf Of Jacob Jarick
Sent: Sunday, 29 April 2007 20:48
To: FreeRadius users mailing list
Subject: Re: Freeradius Auth via LDAP against Active Directory Server 2003
OK tried with 1.1.4 and yerp works great.
radiusd -X output: http://pastebin.ca/464153
radiusd.conf: http://pastebin.ca/464156
I also realised a mistake I have been making, see I want to
search the whole active directory, hence I kept setting my
basedn without an ou.
After seeing your excellent example and auth'ing had failed I
stuck in an OU and tried a user from the OU and worked fine.
So my question is this: to auth people from multiple OUs do
I create a new ldap module for each OU or is there a simpler way?
You should be able to set the base DN at the parent node, because the
search is a subtree search. In my setup (openldap, not AD) I also
use the base_filter directive in radiusd.conf to restrict the type of
records to be searched. I use base_filter = (objectclass=radiusprofile)
You should use base_filter = (objectclass=user). This goes into the
ldap section somewhere near the basedn line.
Regards,
Frank Ranner
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
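
A sketch of the ldap section the reply describes, added here as an illustration and not taken from either poster's radiusd.conf. The server name, bind DN, password and dc=example,dc=com are placeholders, and the sAMAccountName user filter is an assumption for Active Directory.

```conf
# radiusd.conf (FreeRADIUS 1.1.x), inside the modules { } section.
# All host names, DNs and the password are placeholders.
ldap {
        server   = "dc1.example.com"

        # Account the server binds as to run the user search (placeholder DN).
        identity = "cn=radius-bind,cn=Users,dc=example,dc=com"
        password = "CHANGE_ME"

        # Base DN at the parent node, with no ou= component. As the reply
        # notes, the search is a subtree search, so one ldap module covers
        # users in every OU underneath, for example (constructed DNs):
        #   cn=alice,ou=Staff,dc=example,dc=com
        #   cn=bob,ou=Contractors,dc=example,dc=com
        basedn   = "dc=example,dc=com"

        # base_filter as suggested in the reply, placed near basedn.
        base_filter = "(objectclass=user)"

        # Filter used to locate the user entry (assumed attribute for AD).
        filter   = "(sAMAccountName=%{Stripped-User-Name:-%{User-Name}})"
}
```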