On 6/16/04 2:47 PM, Veerabhushan Hatte at <[EMAIL PROTECTED]> wrote:

> Thank you for your detailed mail. It is very useful. I have a couple of minor
> questions about the LDAP configuration. Here they are:
> ldap {
>      ......
>       server = "192.168.2.5"
>       identity = "cn=ldapuser,cn=users,dc=foo1,dc=com"
>       password = foopass
>       basedn = "cn=users,dc=foo1,dc=com"
>      .......
> }
> I have created a user called wirelessuser under newgroup on the windows server
> running DNS and LDAP whose domain name is testsci.foo.com.
> 
> I am having trouble in configuring identity and basedn parameters. Could you
> help me in filling up these values? Setup is as follows,
> 
>  wirelessuser     192.168.10.201                          192.168.10.203
> wireless client -------- AP -------- freeRADIUS -------- Windows AD/LDAP
> 192.168.10.200                      192.168.10.202       (testsci.foo.com)
>                                                               newgroup
>                                                                  |
>                                                            wireless user
> 
> password field represents whose password? Is it wireless user or windows
> administrator? I am assuming it belongs to user.

You need a user, in AD, that will be used to authenticate the wireless
users.  In my config above, that user is named 'ldapuser'.  The password
'foopass' is the password for the 'ldapuser'.

So yours should read:
>       server = "192.168.10.203"
>       identity = "cn=ldapuser,cn=users,dc=testsci,dc=foo,dc=com"
>       password = foopass
>       basedn = "cn=users,dc=testsci,dc=foo,dc=com"

Add a user to your AD called 'ldapuser', with password 'foopass' and make
sure the Display Name is also 'ldapuser'.

Then make sure your 'wirelessuser' account is in the basedn above: The Users
container of your AD.

'wirelessuser' should autz and auth.  If it still does not, look at the debug
output of radiusd (radiusd -xx) to see where it is failing.  You may have to
move your user accounts in the AD or change the location of the basedn to
make sure it finds them during authorization.

-Michael Check

--
Solo Group, Inc.          #   mcheck (at) sologroup (dot) com
Chicago, Illinois         #   http://www.sologroup.com/
--
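
An offline check of the reply's last point (move the accounts or change the basedn), as an added example that is not part of the original message. The helper names and sample DNs are constructed, and the second sample assumes 'newgroup' is an OU, which the thread does not state.

```python
# Added example (not from the original thread): does a user's DN fall inside
# the subtree FreeRADIUS searches, i.e. under the configured basedn?

def domain_to_dn(domain):
    """Map an AD DNS domain to its root DN: testsci.foo.com -> dc=testsci,dc=foo,dc=com."""
    return ",".join("dc=" + label for label in domain.strip(".").lower().split("."))

def split_rdns(dn):
    """Split a DN into normalised (attr, value) pairs, honouring backslash-escaped commas."""
    parts, cur, i = [], "", 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):   # keep the escape pair together
            cur += dn[i:i + 2]
            i += 2
            continue
        if dn[i] == ",":
            parts.append(cur)
            cur = ""
        else:
            cur += dn[i]
        i += 1
    parts.append(cur)
    rdns = []
    for part in parts:
        attr, _, value = part.partition("=")
        rdns.append((attr.strip().lower(), value.strip().lower()))  # compared case-insensitively
    return rdns

def is_under(entry_dn, basedn):
    """True if entry_dn is basedn itself or lies below it (subtree search scope)."""
    entry, base = split_rdns(entry_dn), split_rdns(basedn)
    return len(entry) >= len(base) and entry[len(entry) - len(base):] == base

def common_base(dns):
    """Deepest DN that contains every entry in dns: a basedn that would find them all."""
    lists = [split_rdns(d)[::-1] for d in dns]   # root-first order
    shared = []
    for level in zip(*lists):
        if any(r != level[0] for r in level):
            break
        shared.append(level[0])
    return ",".join(f"{a}={v}" for a, v in reversed(shared))

BASEDN = "cn=users,dc=testsci,dc=foo,dc=com"                    # from the reply
IN_USERS = "cn=wirelessuser,cn=users,dc=testsci,dc=foo,dc=com"  # constructed
IN_OU = "CN=wirelessuser,OU=newgroup,DC=testsci,DC=foo,DC=com"  # constructed; assumes newgroup is an OU

if __name__ == "__main__":
    for dn in (IN_USERS, IN_OU):
        print(dn, "->", "found" if is_under(dn, BASEDN) else "outside basedn")
    print("basedn covering both:", common_base([IN_USERS, IN_OU]))
```

An account that falls outside the basedn is never returned by the search, so authorization fails before the password is ever checked.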

