On 6/16/04 2:47 PM, Veerabhushan Hatte at <[EMAIL PROTECTED]> wrote:

> Thank you for your detailed mail. It is very useful. I have a couple of minor
> questions in LDAP configuration. Here they are,
>
> ldap {
> ......
> server = "192.168.2.5"
> identity = "cn=ldapuser,cn=users,dc=foo1,dc=com"
> password = foopass
> basedn = "cn=users,dc=foo1,dc=com"
> .......
> }
>
> I have created a user called wirelessuser under newgroup on the Windows server
> running DNS and LDAP whose domain name is testsci.foo.com.
>
> I am having trouble in configuring identity and basedn parameters. Could you
> help me in filling up these values? Setup is as follows,
>
> wirelessuser 192.168.10.201 192.168.10.203
> wireless client -------- AP -------- freeRADIUS -------- Windows AD/LDAP
> 192.168.10.200 192.168.10.202 (testsci.foo.com)
>
> newgroup
> |
> wireless user
>
> password field represents whose password? Is it wireless user or Windows
> administrator? I am assuming it belongs to user.

You need a user, in AD, that will be used to authenticate the wireless users. In my config above, that user is named 'ldapuser'. The password 'foopass' is the password for the 'ldapuser'. So yours should read:

> server = "192.168.10.203"
> identity = "cn=ldapuser,cn=users,dc=testsci,dc=foo,dc=com"
> password = foopass
> basedn = "cn=users,dc=testsci,dc=foo,dc=com"

Add a user to your AD called 'ldapuser', with password 'foopass' and make sure the Display Name is also 'ldapuser'. Then make sure your 'wirelessuser' account is in the basedn above: the Users container of your AD. 'wirelessuser' should autz and auth. If it still does not, look at the debug output of radiusd (radiusd -xx) to see where it is failing. You may have to move your user accounts in the AD or change the location of the basedn to make sure it finds them during authorization.

-Michael Check

--
Solo Group, Inc. # mcheck (at) sologroup (dot) com
Chicago, Illinois # http://www.sologroup.com/
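
An added example, not part of the original thread: a small Python check that derives the DN suffix from the AD domain name and verifies that `identity` and `basedn` in an `ldap { }` stanza fall under it. The function names are hypothetical, and the two stanzas are constructed from the messages above with the elided lines omitted.

```python
import re

# Stanzas constructed from the two messages above (elided lines omitted).
AS_ASKED = '''
ldap {
    server = "192.168.2.5"
    identity = "cn=ldapuser,cn=users,dc=foo1,dc=com"
    password = foopass
    basedn = "cn=users,dc=foo1,dc=com"
}
'''
AS_ANSWERED = '''
ldap {
    server = "192.168.10.203"
    identity = "cn=ldapuser,cn=users,dc=testsci,dc=foo,dc=com"
    password = foopass
    basedn = "cn=users,dc=testsci,dc=foo,dc=com"
}
'''

def domain_to_dn(domain):
    """Map an AD DNS domain to its DN: testsci.foo.com -> dc=testsci,dc=foo,dc=com."""
    return ",".join("dc=" + label for label in domain.strip(".").lower().split("."))

def parse_ldap_block(text):
    """Collect 'key = value' settings from an ldap { ... } stanza."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        match = re.match(r'^(\w+)\s*=\s*"?([^"]*)"?$', line)
        if match and not line.startswith("#"):
            settings[match.group(1)] = match.group(2).strip()
    return settings

def normalise_dn(dn):
    """Lower-case a DN and drop whitespace around its commas."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def check_ldap_settings(settings, ad_domain):
    """Return a list of problems; an empty list means the stanza is consistent."""
    suffix = domain_to_dn(ad_domain)
    problems = [f"{key} is not set"
                for key in ("server", "identity", "password", "basedn")
                if not settings.get(key)]
    for key in ("identity", "basedn"):
        dn = normalise_dn(settings.get(key, ""))
        if dn and not (dn == suffix or dn.endswith("," + suffix)):
            problems.append(f"{key} is not under {suffix}")
    return problems

if __name__ == "__main__":
    for name, block in (("as asked", AS_ASKED), ("as answered", AS_ANSWERED)):
        print(name, check_ldap_settings(parse_ldap_block(block), "testsci.foo.com"))
```

The check only compares strings; whether the bind account and the user objects actually exist under those DNs still has to be confirmed against the directory and the `radiusd -xx` debug output.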