You can use pam with a pam_krb5 module to authenticate users to AD.
Markus
Ivan Kalik [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
rad_recv: Access-Request packet from host 10.131.23.252:1645, id=84,
length=79
NAS-IP-Address = 10.131.23.252
NAS-Port = 11
I think it should then be updated in rlm_ldap.c. Who maintains this module ?
Thank you
Markus
Alan DeKok [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
Gopinath Reddy N wrote:
We have not changed any data in AD. But when we upgrade and try to
connect using valid user id..user is
DeKok [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
Markus Moeller wrote:
I have a internal check Attribute My-Test defined as string. I have the
following in authorize
..
switch control:My-Test {
The switch statement should use double quotes: %{control:My-Test
I came across the same problem and my debugging shows the following:
1) ldap_groupcmp calls radius_xlat to replace Ldap_UserDn with the value.
2) radius_xlat calls decode_attribute
3) decode_attribute calls xlat_packet with instance 1 and returns 0 (=nothing
found)
if ((c =
that look OK ?
Thank you
Markus
BTW Are you intereseted in my Mozilla SDK patch for the ldap module ?
Alan DeKok [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
Markus Moeller wrote:
if (%{ldap: stuff... } == bar) {
...
I didn't know that is possible. Where is this documented
I have a internal check Attribute My-Test defined as string. I have the
following in authorize
update reply {
Reply-Message = Hi
}
switch control:My-Test {
case 500 {
update control {
Alan DeKok [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
Markus Moeller wrote:
That was the only way I could get it to work. If I use update control
anybody can login, whereas in my setup only a user who exits in ldap get
AUth-Type set to LDAP all other users have an empty value
I think you need to use Ldap-Group instead of myldap-Ldap-Group or do you use
do_xlat ?
Markus
cxu [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]
Background:
When a user associated with the ssid Guest, the user will authenticate
against a FreeRadius server. If he has a
Alan DeKok [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
Markus Moeller wrote:
I am new to freeradius and try to authenticate users with pam and
authorize
with ldap groups. I try to find a minimal configuration but have some
problems forcing the Auth-Type to be PAM.
You
Find attached a patch to use the mozilla sdk instead of openldap for
rlm_ldap. Use -DHAVE_LDAPSSL_ADVCLIENTAUTH_INIT and change ldap_r to ldap in
configure.
Markus
rlm_ldap_mozilla.patch
Description: Binary data
-
List info/subscribe/unsubscribe? See
Hi,
I am new to freeradius and try to authenticate users with pam and authorize
with ldap groups. I try to find a minimal configuration but have some
problems forcing the Auth-Type to be PAM.
I have radiusd.conf:
prefix = /usr/local
exec_prefix = ${prefix}
sysconfdir = ${prefix}/etc
11 matches
Mail list logo