Thanks for the reply. Yes, it is a goofy name, but I am told it does
have read access on AD (it is in the 'domain user' group).

From: Dustin Doris <[EMAIL PROTECTED]> on Fri, 28 May 2004 13:16:20 -0400
> 
> Is "CN=User\\, Asteroid,OU=System Accounts..." a valid user with read
> access to AD?
> 
> > It seems that this should not be so hard; I am sure I am making a stupid
> > mistake somewhere, but I just don't see it.
> >
> > I am attempting to set up freeradius 0.9.3 (redhat) to use (initially) one
> > of several Windows 2003 AD for authentication. I am, however, unable to
> > get the first one to work. I have attached what I think are the relevant
> > log and configuration sections. The Windows admin is not seeing any
> > errors in her logs. On the radius side, it seems that radiusd is not able to
> > negotiate a connection that the ldap server will accept.
> >
> > Any recommendations would be appreciated.
> >     --Bill
> >
> >
> > --- ldap config from radiusd.conf
> >
> > ldap {
> >     server = "win-dc.win-dom.ctc.edu"
> >     port = 636
> >     identity = "CN=User\\, Asteroid,OU=System Accounts,OU=CIS,OU=Accounts,DC=WIN-DOM,DC=ctc,DC=edu"
> 
> ** Is "CN=User\\, Asteroid,OU=System Accounts..." a valid user with read
> access to AD?
> 
> >     password = "****"
> >     start_tls = yes
> >     basedn = "OU=Accounts,DC=WIN-DOM,DC=ctc,DC=edu"
> >     filter = "(SamAccountName=%u)"
> >     dictionary_mapping = ${raddbdir}/ldap.attrmap
> >     ldap_connections_number = 5
> >     timeout = 4
> >     timelimit = 3
> >     net_timeout = 1
> >     ldap_debug = 0x0028
> > }
        <<snipped>>

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
