Dusty,
Thanks. I spent some time working at it from the LDAP angle and it
still fails with the ldapsearch. I will do some more reading/research
to get that working first, then if I have problems getting it to work
with FreeRADIUS, I will get back with you all. (If you have some good
recommendations on how-tos or other references for getting OpenLDAP and MS
AD to talk, I would appreciate the suggestions.)

Thanks for the pointers.
        --Bill

From Dustin Doris on Sat, 29 May 2004 10:40:55 -0400 (EDT)

Hmmm...  Perhaps you should double-check just to make sure.  Do you have
access to a machine with openldap on it?  You could use the ldapsearch
command to attempt a bind to AD.

It would look something like this:

$ # -x forces a simple bind; without it OpenLDAP's ldapsearch tries SASL
$ # and ignores -D.
$ ldapsearch -x -h win-dc.win-dom.ctc.edu \
    -D "CN=User\\, Asteroid,OU=System Accounts,OU=CIS,OU=Accounts,DC=WIN-DOM,DC=ctc,DC=edu" \
    -w whateveryourpasswordis \
    -b "OU=Accounts,DC=WIN-DOM,DC=ctc,DC=edu" \
    "(SamAccountName=jdummy)"

-Dusty

On Fri, 28 May 2004, Bill Shaver wrote:

> Thanks for the reply. Yes, it is a goofy name, but I am told it does
> have read access on AD (it is in the 'domain user' group).
>
> From: Dustin Doris <[EMAIL PROTECTED]> on Fri, 28 May 2004 13:16:20 -0400
> >
> > Is "CN=User\\, Asteroid,OU=System Accounts..." a valid user with read
> > access to AD?
> >
> > > It seems that this should not be so hard; I am sure I am making a stupid
> > > mistake somewhere, but I just don't see it.
> > >
> > > I am attempting to set up freeradius 0.9.3 (redhat) to use (initially) one
> > > of several Windows 2003 AD for authentication. I am, however, unable to
> > > get the first one to work. I have attached what I think are the relevant
> > > log and configuration sections. The Windows admin is not seeing any
> > > errors in her logs. On the radius side, it seems that radiusd is not able to
> > > negotiate a connection that the ldap server will accept.
> > >
> > > Any recommendations would be appreciated.
> > >   --Bill
> > >
> > >
> > > --- ldap config from radiusd.conf
> > >
> > > ldap {
> > >   server = "win-dc.win-dom.ctc.edu"
> > >   port = 636
> > >   identity = "CN=User\\, Asteroid,OU=System 
> > > Accounts,OU=CIS,OU=Accounts,DC=WIN-DOM,DC=ctc,DC=edu"
> >
> > ** Is "CN=User\\, Asteroid,OU=System Accounts..." a valid user with read
> > access to AD?
> >
> > >   password = "****"
> > >   start_tls = yes
> > >   basedn = "OU=Accounts,DC=WIN-DOM,DC=ctc,DC=edu"
> > >   filter = "(SamAccountName=%u)"
> > >   dictionary_mapping = ${raddbdir}/ldap.attrmap
> > >   ldap_connections_number = 5
> > >   timeout = 4
> > >   timelimit = 3
> > >   net_timeout = 1
> > >   ldap_debug = 0x0028
> > > }
>       <<snipped>>

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
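Added example, not from this thread or from the FreeRADIUS project: a small shell helper for doing the ldapsearch bind test Dusty suggests in a way that mirrors the rlm_ldap block quoted above. Two things in that block are worth mirroring. The quoted config has port = 636 together with start_tls = yes; StartTLS is an extended operation sent on a plaintext connection (port 389), while 636 expects TLS from the first byte, so a test on 389 without TLS does not exercise what radiusd is doing. And the bind DN contains a comma inside the CN, which has to stay escaped as `\,` on the command line. The host, DNs and account name below are the thread's placeholders; the password is read from a prompt (-W) rather than passed with -w, which would leave it in `ps` output and shell history.

```shell
#!/bin/sh
# Added example, not from the thread or the FreeRADIUS project: build the
# ldapsearch bind test so that it mirrors the rlm_ldap settings being
# debugged. Host and DNs are the thread's placeholders; nothing here has
# been run against the poster's domain controller.

# Escape an RDN attribute value per RFC 4514: backslash first, then the
# characters that must always be escaped, then a leading '#' and a
# leading or trailing space. (A value that is a single space is the one
# input this short sed chain gets wrong; AD never produces one.)
ldap_escape() {
    printf '%s' "$1" | sed \
        -e 's/\\/\\\\/g' \
        -e 's/[,+"<>;]/\\&/g' \
        -e 's/^#/\\#/' \
        -e 's/^ /\\ /' \
        -e 's/ $/\\ /'
}

# Print the ldapsearch command line for a bind test. mode selects how TLS
# is done, and that choice has to match the server port:
#   starttls  plaintext connect to 389, then the StartTLS extended
#             operation (-ZZ makes a failed StartTLS fatal); this is
#             what start_tls = yes in rlm_ldap does.
#   ldaps     TLS from the first byte, on 636.
# StartTLS sent to 636, or LDAPS spoken to 389, is refused by the server.
# -x forces a simple bind (OpenLDAP otherwise tries SASL and ignores -D);
# -W prompts for the password instead of putting it on the command line.
ldap_bind_test_cmd() {
    host=$1 mode=$2 binddn=$3 basedn=$4 sam=$5
    case $mode in
        starttls) uri="ldap://$host:389"  tls='-ZZ' ;;
        ldaps)    uri="ldaps://$host:636" tls='' ;;
        *) echo "ldap_bind_test_cmd: mode must be starttls or ldaps" >&2; return 2 ;;
    esac
    printf 'ldapsearch -x %s -H %s -D "%s" -W -b "%s" "(sAMAccountName=%s)" dn sAMAccountName\n' \
        "$tls" "$uri" "$binddn" "$basedn" "$sam"
}

# ldapsearch exits with the LDAP result code of the failing operation
# (255 when no connection could be made, 1 when -ZZ could not start TLS).
# Map the codes seen in a bind test to the layer that failed.
ldap_rc_hint() {
    case $1 in
        0)   echo "ok: bind and search succeeded" ;;
        255) echo "transport: no LDAP connection (DNS, firewall, or wrong port for the TLS mode)" ;;
        1)   echo "tls/bind: StartTLS failed under -ZZ, or AD answered operationsError because no bind completed" ;;
        8)   echo "bind: strongerAuthRequired; AD demands signing or TLS for a simple bind on this port" ;;
        49)  echo "bind: invalidCredentials; AD's diagnostic text says why: data 52e bad password, 525 no such user, 533 disabled, 775 locked out" ;;
        32)  echo "search: base DN not found; check -b against the domain" ;;
        *)   echo "LDAP result code $1; see RFC 4511 section 4.1.9" ;;
    esac
}

# The thread's bind DN: the CN holds a comma, so it must be escaped.
BIND_DN="CN=$(ldap_escape 'User, Asteroid'),OU=System Accounts,OU=CIS,OU=Accounts,DC=WIN-DOM,DC=ctc,DC=edu"
BASE_DN="OU=Accounts,DC=WIN-DOM,DC=ctc,DC=edu"

# Run with --run to perform the StartTLS bind test and explain the result.
if [ "${1:-}" = "--run" ]; then
    cmd=$(ldap_bind_test_cmd win-dc.win-dom.ctc.edu starttls "$BIND_DN" "$BASE_DN" jdummy)
    echo "$cmd"
    rc=0; eval "$cmd" || rc=$?
    ldap_rc_hint "$rc"
fi
```

With -ZZ, ldapsearch verifies the domain controller's certificate against TLS_CACERT in ldap.conf (or the LDAPTLS_CACERT environment variable); set that to the CA that issued the DC's certificate rather than relaxing TLS_REQCERT, because radiusd will need the same trust anchor in its tls_cacertfile. If the test passes over StartTLS on 389 but the quoted config still fails, the port = 636 line is the first thing to compare.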