Thanks for the reply. Yes, it is a goofy name, but I am told it does have read access on AD (it is in the 'domain user' group).
From: Dustin Doris <[EMAIL PROTECTED]> on Fri, 28 May 2004 13:16:20 -0400

>
> Is "CN=User\\, Asteroid,OU=System Accounts..." a valid user with read
> access to AD?
>
> > It seems that this should not be so hard; I am sure I am making a stupid
> > mistake somewhere, but I just don't see it.
> >
> > I am attempting to set up freeradius 0.9.3 (redhat) to use (initially) one
> > of several Windows 2003 AD for authentication. I am, however, unable to
> > get the first one to work. I have attached what I think are the relevant
> > log and configuration sections. The Windows admin is not seeing any
> > errors in her logs. On the radius side, it seems that radiusd is not able to
> > negotiate a connection that the ldap server will accept.
> >
> > Any recommendations would be appreciated.
> > --Bill
> >
> >
> > --- ldap config from radiusd.conf
> >
> > ldap {
> >     server = "win-dc.win-dom.ctc.edu"
> >     port = 636
> >     identity = "CN=User\\, Asteroid,OU=System
> > Accounts,OU=CIS,OU=Accounts,DC=WIN-DOM,DC=ctc,DC=edu"
>
> ** Is "CN=User\\, Asteroid,OU=System Accounts... a valid user with read
> access to AD?
>
> >     password = "****"
> >     start_tls = yes
> >     basedn = "OU=Accounts,DC=WIN-DOM,DC=ctc,DC=edu"
> >     filter = "(SamAccountName=%u)"
> >     dictionary_mapping = ${raddbdir}/ldap.attrmap
> >     ldap_connections_number = 5
> >     timeout = 4
> >     timelimit = 3
> >     net_timeout = 1
> >     ldap_debug = 0x0028
> > }

<<snipped>>