On Thu, 7 Oct 2004, Michael Benton wrote:

> Hello,
>
> FreeRadius 1.0.1
> Linux RHES3.1
>
> Does anyone know how to configure the FreeRadius server to do an LDAP query on a
> Win2003 AD server, and to look at the whole AD tree?
> We have for some unknown reason, multiple OUs with users in each, rather than one
> OU in which all users are configured.
> If I set the basedn to a particular OU - I can authenticate users OK, but when I set
> it back to the top level "dc=ukcl,dc=net" the auth fails with user unknown?
> I have used an LDAP browser to do a search from the same basedn="dc=ukcl,dc=net",
> with the "subtree" option active, and it finds the users OK. How do you specify the
> "subtree" option in the radiusd.conf file? Do I have to include "ou=*" as below?
>
> Any hints would be greatly appreciated.
>
> ldap {
>     server = "hqdc1.ukcl.net"
>     identity = "cn=freeradius,ou=Administrators,dc=ukcl,dc=net"
>     password = pExF%5Yf
>     basedn = "dc=ukcl,dc=net"
>     filter = "(&(ou=*)(objectClass=person)(samaccountname=%{User-Name}))"
>     .....
> }
>
> I do not have OpenLDAP installed on my Linux box. Do I need this installed, even
> though I am directing queries to the Win2003 server directly?

Take a look at Global Catalog, see the list archives for details.

> Thanks
>
> Michael Benton
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

--
Kostas Kalevras         Network Operations Center
[EMAIL PROTECTED]       National Technical University of Athens, Greece
Work Phone:             +30 210 7721861
'Go back to the shadow' Gandalf
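
The reply's pointer to the Global Catalog, written out as a radiusd.conf fragment (an added example, not part of the original thread). It assumes hqdc1.ukcl.net is a Global Catalog server listening on the standard GC port 3268 and that this FreeRADIUS build's rlm_ldap accepts the `port` directive; the bind password is a placeholder.

```conf
ldap {
    server   = "hqdc1.ukcl.net"
    # Global Catalog LDAP port instead of the default 389
    # (assumption: this domain controller is a GC server)
    port     = 3268
    identity = "cn=freeradius,ou=Administrators,dc=ukcl,dc=net"
    # placeholder, not a real credential
    password = "BIND_PASSWORD_PLACEHOLDER"
    # top of the tree, so users in every OU are in scope
    basedn   = "dc=ukcl,dc=net"
    # A filter tests attributes of the entry itself; it does not select
    # containers, so no (ou=*) clause is needed to reach users in different OUs.
    filter   = "(&(objectClass=person)(sAMAccountName=%{User-Name}))"
}
```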