Thanks for the tip with th NT Domain hack Brian.
An other problem is the LDAP Query themself. I get no result for my Username. But the
User exists and when I use the ldapsearch command with the
same filter I also get an result.
I use the latest CVS Version of Freeradius
and openLDAP Version 2.1.22-1
rlm_ldap: - authorize
rlm_ldap: performing user authorization for sevcikb
radius_xlat: '(uid=sevcikb)'
radius_xlat: 'ou=People,ou=admin,dc=tgm.dc=ac,dc=at'
ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=People,ou=admin,dc=tgm.dc=ac,dc=at, with filter
(uid=sevcikb)
rlm_ldap: object not found or got ambiguous search result
rlm_ldap: search failed
ldap_release_conn: Release Id: 0
Hers my config:
ldap {
server = "localhost"
identity = "cn=admin,dc=tgm,dc=ac,dc=at"
password = xxx
basedn = "ou=People,ou=admin,dc=tgm.dc=ac,dc=at"
filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
# base_filter = "(objectclass=radiusprofile)"
# set this to 'yes' to use TLS encrypted connections
# to the LDAP database by using the StartTLS extended
# operation.
# The StartTLS operation is supposed to be used with normal
# ldap connections instead of using ldaps (port 689) connections
start_tls = no
# tls_cacertfile = /path/to/cacert.pem
# tls_cacertdir = /path/to/ca/dir/
# tls_certfile = /path/to/radius.crt
# tls_keyfile = /path/to/radius.key
# tls_randfile = /path/to/rnd
# tls_require_cert = "demand"
# default_profile = "cn=radprofile,ou=dialup,o=My Org,c=UA"
# profile_attribute = "radiusProfileDn"
# access_attr = "dialupAccess"
# Mapping of RADIUS dictionary attributes to LDAP
# directory attributes.
dictionary_mapping = ${raddbdir}/ldap.attrmap
ldap_connections_number = 5
#
# NOTICE: The password_header directive is NOT case insensitive
#
# password_header = "{clear}"
#
# The server can usually figure this out on its own, and pull
# the correct User-Password or NT-Password from the database.
#
# Note that NT-Passwords MUST be stored as a 32-digit hex
# string, and MUST start off with "0x", such as:
#
# 0x000102030405060708090a0b0c0d0e0f
#
# Without the leading "0x", NT-Passwords will not work.
# This goes for NT-Passwords stored in SQL, too.
#
password_attribute = ntPassword
# groupname_attribute = cn
# groupmembership_filter =
"(|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))"
# groupmembership_attribute = radiusGroupName
timeout = 4
timelimit = 3
net_timeout = 1
# compare_check_items = yes
# do_xlat = yes
# access_attr_used_for_allow = yes
}
Thanks for help
Berndt
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
