Re: Freeradius Auth via LDAP against Active Directory Server 2003

2007-07-08 Thread Jacob Jarick
Ryan, I am now actually in the process of implementing your method: auth via ntlm, retrieve attributes via ldap (group, dialup_access, etc). Can you suggest some reading or point me in the right direction. ATM I have ntlm and ldap configured and ntlm (hoping it might just work :P and for testing).

Re: Freeradius Auth via LDAP against Active Directory Server 2003

2007-06-05 Thread Phil Mayers
On Tue, 2007-06-05 at 09:22 -0500, Ryan Kramer wrote:
> Were you ever able to solve the issue of multiple OU's? I have about
> 100 OU's that have users under them, running without a specified OU
Why can't you specify a top-level OU and use subtree searches?
> doesn't work, and obviously once

Re: Freeradius Auth via LDAP against Active Directory Server 2003

2007-06-05 Thread Ryan Kramer
Were you ever able to solve the issue of multiple OU's? I have about 100 OU's that have users under them, running without a specified OU doesn't work, and obviously once I drop into an OU it hits the users that live there, and no others. Ryan On 4/29/07, Jacob Jarick <[EMAIL PROTECTED]> wrote

Re: Freeradius Auth via LDAP against Active Directory Server 2003

2007-05-02 Thread Jacob Jarick
Sure, I have no probs doing it via the wiki. When I get a chance I will create. For me the biggest help was finding SecureW2, truly an excellent little app.
On 5/2/07, Ryan Kramer <[EMAIL PROTECTED]> wrote:
> You can take care of #1 by still doing LDAP to AD for the groups, but using
> ntlm for th

Re: Freeradius Auth via LDAP against Active Directory Server 2003

2007-05-02 Thread Jacob Jarick
Ryan is correct, You can auth via ntlm then get groups via ldap. I would have pursued it further were I allowed to use samba. For People having trouble, well 3 things really helped me out a lot once I got radtest working. 1 - If You must use LDAP for auth and no other (as my situation was) be awar

Re: Freeradius Auth via LDAP against Active Directory Server 2003

2007-05-01 Thread Ryan Kramer
You can take care of #1 by still doing LDAP to AD for the groups, but using ntlm for the password authentication. This seems counterproductive, unless you are using a backside encryption where you need to do it that way, which is what I ended up having to do. On 4/30/07, Jacob Jarick <[EMAIL

Re: Freeradius Auth via LDAP against Active Directory Server 2003

2007-05-01 Thread Peter Nixon
On Tue 01 May 2007, shrikant Bhat wrote:
> Jacob,
> Could you please send the steps you followed to integrate ad with FR?.
> I am completely lost and confused with the information available on
> this .
Hi Jacob
If you plan on documenting the steps that you took, can I respectfully request that y

Re: Freeradius Auth via LDAP against Active Directory Server 2003

2007-04-30 Thread shrikant Bhat
Jacob,
Could you please send the steps you followed to integrate ad with FR?. I am completely lost and confused with the information available on this .
thanks,
SB
On 5/1/07, Jacob Jarick <[EMAIL PROTECTED]> wrote:
> Thanks for the Tip ryan but I have been down that road and 2 reasons stopped
> m

Re: Freeradius Auth via LDAP against Active Directory Server 2003

2007-04-30 Thread Jacob Jarick
Thanks for the Tip ryan but I have been down that road and 2 reasons stopped me: 1 - no way of retrieving ldap groups 2 - Been requested not to have samba on the machine. ntlm_auth was very straightforward for me because it supports all the encryption methods. On 5/1/07, Ryan Kramer <[EMAIL PRO

Re: Freeradius Auth via LDAP against Active Directory Server 2003

2007-04-30 Thread Ryan Kramer
Depending on the wifi auth method, you may want to also investigate an NTLM_AUTH method instead of straight ldap. This requires the freeradius machine to be a member of the domain, but once you do that it works great. On 4/29/07, Jacob Jarick <[EMAIL PROTECTED]> wrote: OK tried with 1.1.4 and

Re: Freeradius Auth via LDAP against Active Directory Server 2003 [unclas]

2007-04-29 Thread Jacob Jarick
> > Sent: Sunday, 29 April 2007 20:48
> > To: FreeRadius users mailing list
> > Subject: Re: Freeradius Auth via LDAP against Active
> > Directory Server 2003
> >
> > OK tried with 1.1.4 and yerp works great.
> >
> > radiusd -X output: http://pastebin.c

RE: Freeradius Auth via LDAP against Active Directory Server 2003 [unclas]

2007-04-29 Thread Ranner, Frank MR
> -Original Message-
> From:
> [EMAIL PROTECTED] eradius.org [mailto:freeradius-users-
> [EMAIL PROTECTED] On
> Behalf Of Jacob Jarick
> Sent: Sunday, 29 April 2007 20:48
> To: FreeRadius users mailing list
> Subject: Re: Freeradius Auth via LDAP against Active

Re: Freeradius Auth via LDAP against Active Directory Server 2003

2007-04-29 Thread Jacob Jarick
OK tried with 1.1.4 and yerp works great. radiusd -X output: http://pastebin.ca/464153 radiusd.conf: http://pastebin.ca/464156 I also realised a mistake I have been making, see I want to search the whole active directory, hence I kept setting my basedn without an ou. After seeing your excellent e

Re: Freeradius Auth via LDAP against Active Directory Server 2003

2007-04-29 Thread Jacob Jarick
radiusd.conf: http://pastebin.ca/464133
radius -X output: http://pastebin.ca/464138
Tried with 1.1.6 and fails with this error:
rlm_ldap: reading ldap<->radius mappings from file /etc/raddb/ldap.attrmap
rlm_ldap: Opening file /etc/raddb/ldap.attrmap failed
rlm_ldap: Reading dictionary mappings fro

Re: Freeradius Auth via LDAP against Active Directory Server 2003

2007-04-28 Thread Jacob Jarick
Thanks for the very detailed instructions. I will attempt this shortly (bought rad & ad servers home for weekend study). Quite possibly the biggest learning curve for me is the ldap fields but I am finally starting to get familiar with them. Cheers again, will post back once I've run the radtest.

Re: Freeradius Auth via LDAP against Active Directory Server 2003

2007-04-28 Thread Phil Mayers
I haven't been following your (quite extensive) queries, so apologies if I've missed something fundamental. I honestly don't know why this is proving so difficult. I've just tested this against our own 2k3 AD service, and although I'm pretty familiar with FR it took under 5 minutes. Try followi

Re: Freeradius Auth via LDAP against Active Directory Server 2003

2007-04-27 Thread Jacob Jarick
Well I have another angle I will be attacking the problem from on the weekend. I will be installing and configuring OpenLDAP on my linux server making it replicate the ADS 2003 server then following the gentoo-wiki's Freeradius and OpenLDAP implementation howto. So the modified layout plan: clien

Freeradius Auth via LDAP against Active Directory Server 2003

2007-04-26 Thread Jacob Jarick
I have been at this for awhile now, so I thought I would share a summary of what I have figured out so far for anyone else that decides to try this. 1 - Documentation for this particular configuration is either out of date / incomplete / both. There are no howtos that will get from start to end (i