I found the correct configuration settings for LDAP to Active Directory in radiusd.conf.
ldap section of radiusd.conf:
ldap {
    ...
    identity = "cn=Admin,cn=Users,dc=rovingplanet,dc=com"
    password = "youradminpassword"
    basedn = "dc=yourcompany,dc=com"
    # stripped name
    filter = "(SamAccountName=%U)"
    # or, full name
    # filter = "(SamAccountName=%u)"
}
Ron Wahler
-----Original Message-----
Has anyone integrated FreeRadius/LDAP to a Remote Active Directory Server?
I am trying to integrate the two and need some examples of radiusd.conf for the LDAP to Active Directory.
I also tried uid=ron
I have no organization, just a list of users under the Users directory in Active Directory.
The error that concerns me is:
Tue Mar 11 08:40:06 2003 : Error: rlm_ldap: ldap_search() failed: Operations error
Anyone have a radiusd.conf that shows a good example?
Thanks, Ron
Tue Mar 11 08:40:06 2003 : Debug: ldap_get_conn: Got Id: 0
Tue Mar 11 08:40:06 2003 : Debug: rlm_ldap: attempting LDAP reconnection
Tue Mar 11 08:40:06 2003 : Debug: rlm_ldap: closing existing LDAP connection
Tue Mar 11 08:40:06 2003 : Debug: rlm_ldap: (re)connect to 10.0.0.13:389, authentication 0
Tue Mar 11 08:40:06 2003 : Debug: rlm_ldap: bind as / to 10.0.0.13:389
Tue Mar 11 08:40:06 2003 : Debug: rlm_ldap: waiting for bind result ...
Tue Mar 11 08:40:06 2003 : Debug: rlm_ldap: performing search in dn=roncompany,dn=com, with filter (uid=ron@roncompany.com)
Tue Mar 11 08:40:06 2003 : Error: rlm_ldap: ldap_search() failed: Operations error
Tue Mar 11 08:40:06 2003 : Debug: rlm_ldap: search failed
Tue Mar 11 08:40:06 2003 : Debug: ldap_release_conn: Release Id: 0
Tue Mar 11 08:40:06 2003 : Debug: modcall[authorize]: module "ldap" returns fail
Tue Mar 11 08:40:06 2003 : Debug: modcall: group authorize returns fail
Tue Mar 11 08:40:06 2003 : Debug: Finished request 16
Tue Mar 11 08:40:06 2003 : Debug: Going to the next request
What is in my radiusd.conf file:

ldap {
    #server = "ldap.your.domain"
    server = "10.0.0.13"
    #identity = "cn=Administrator"
    #password =
    #basedn = "o=roncompany.com"
    basedn = "dn=roncompany,dn=com"
    filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"

    # set this to 'yes' to use TLS encrypted connections
    # to the LDAP database by using the StartTLS extended
    # operation.
    start_tls = no
    # set this to 'yes' to use TLS encrypted connections to the
    # LDAP database by passing the LDAP_OPT_X_TLS_TRY option to
    # the ldap library.
    tls_mode = no

    # default_profile = "cn=radprofile,ou=dialup,o=My Org,c=UA"
    # profile_attribute = "radiusProfileDn"
    access_attr = "dialupAccess"

    # Mapping of RADIUS dictionary attributes to LDAP
    # directory attributes.
    dictionary_mapping = ${raddbdir}/ldap.attrmap

    # ldap_cache_timeout = 120
    # ldap_cache_size = 0
    ldap_connections_number = 5
    # password_header = "{clear}"
    password_attribute = userPassword
    # groupname_attribute = cn
    # groupmembership_filter = "(|(&(objectClass=GroupOfNames)(member=%{LdapUserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))"
    # groupmembership_attribute = radiusGroupName
    timeout = 4
    timelimit = 3
    net_timeout = 1
    # compare_check_items = yes
    # access_attr_used_for_allow = yes
}
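As an added example (not code from this thread or from FreeRADIUS), the following Python checker parses an rlm_ldap block from radiusd.conf and flags the three things the log above points at: the basedn written with dn= instead of dc= (not a valid DN attribute type, so the search base does not exist), identity/password commented out so the module binds anonymously ("bind as / to ...", which Active Directory answers with "Operations error" on the search), and a filter on uid= where AD accounts are matched by sAMAccountName. Run against the reply's corrected block it also notices that the bind DN and basedn name different domains (rovingplanet vs yourcompany). The two config strings are constructed from the snippets in the thread; the function names and finding codes are assumptions of this example.

```python
"""Sanity-check an rlm_ldap block from radiusd.conf before pointing it at
Active Directory.  Added example; not FreeRADIUS code."""
import re

# Attribute types that legitimately appear in a DN; "dn" is not one of them.
DN_ATTRIBUTE_TYPES = {"dc", "ou", "cn", "o", "c", "l", "st", "uid"}

# Constructed from the two snippets in the thread (not the real files).
BROKEN_CONFIG = """
ldap {
    server = "10.0.0.13"
    #identity = "cn=Administrator"
    #password =
    basedn = "dn=roncompany,dn=com"
    filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
}
"""

FIXED_CONFIG = """
ldap {
    server = "10.0.0.13"
    identity = "cn=Admin,cn=Users,dc=rovingplanet,dc=com"
    password = "youradminpassword"
    basedn = "dc=yourcompany,dc=com"
    filter = "(SamAccountName=%U)"
}
"""


def parse_ldap_block(text):
    """Return {key: value} for the active 'key = value' lines of an ldap {...}
    block.  Lines starting with '#' are ignored, exactly as rlm_ldap ignores them."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r'^(\w+)\s*=\s*"?([^"]*)"?\s*$', line)
        if m:
            settings[m.group(1)] = m.group(2).strip()
    return settings


def dn_components(dn):
    """Split 'cn=Admin,cn=Users,dc=corp,dc=com' into [('cn', 'Admin'), ...]
    with the attribute type lower-cased."""
    parts = []
    for rdn in dn.split(","):
        attr, _, val = rdn.partition("=")
        parts.append((attr.strip().lower(), val.strip()))
    return parts


def domain_of(dn):
    """The dc= components of a DN, e.g. ('rovingplanet', 'com')."""
    return tuple(v.lower() for a, v in dn_components(dn) if a == "dc")


def check_ldap_block(settings):
    """Return a list of (code, message) findings for one rlm_ldap block."""
    findings = []
    basedn = settings.get("basedn", "")
    identity = settings.get("identity", "")
    filt = settings.get("filter", "")

    # 1. Every RDN in basedn must use a real attribute type (AD uses dc=).
    bad = sorted({a for a, _ in dn_components(basedn) if a not in DN_ATTRIBUTE_TYPES})
    if basedn and bad:
        findings.append(("BAD_BASEDN",
                         f"basedn uses invalid attribute type(s) {bad}; "
                         "AD domains are written as dc=example,dc=com"))

    # 2. No identity/password means an anonymous bind; AD then refuses the
    #    search with 'Operations error' (the symptom in the log above).
    if not identity or not settings.get("password"):
        findings.append(("ANON_BIND",
                         "identity/password not set: rlm_ldap binds anonymously "
                         "and AD returns 'Operations error' from ldap_search()"))

    # 3. AD user objects are found by sAMAccountName, not uid.
    if re.search(r"\(uid=", filt, re.IGNORECASE):
        findings.append(("UID_FILTER",
                         "filter matches uid=; AD accounts are matched with "
                         "(sAMAccountName=%U)"))

    # 4. The bind DN should live in the same domain as the search base.
    if identity and basedn and domain_of(identity) and domain_of(basedn) \
            and domain_of(identity) != domain_of(basedn):
        findings.append(("DOMAIN_MISMATCH",
                         f"identity is in {domain_of(identity)} but basedn is "
                         f"{domain_of(basedn)}"))
    return findings


if __name__ == "__main__":
    for name, cfg in (("broken", BROKEN_CONFIG), ("fixed", FIXED_CONFIG)):
        print(f"== {name} ==")
        for code, msg in check_ldap_block(parse_ldap_block(cfg)):
            print(f"  {code}: {msg}")
```

The checker deliberately ignores commented lines, so `#identity = "cn=Administrator"` counts as no identity at all, which is how rlm_ldap reads it and why the log shows an anonymous bind. The bind DN used as `identity` should be a low-privilege, read-only account rather than a domain administrator; this check cannot see that, only that the DN is set.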