Hello Mr. DeKok,

Thank you for the fast response. The password is clear-text. We are using ethereal to debug why we are getting "Operations Error" on the Search Result. The Operation Errors comment is the following: "In order to perform this operation a successful bind must be completed."

The search request on ethereal from Freeradius to the active directory gives the following:

    Message Type: Search Request
    Message Length: 96
    Response In: 469
    Base DN: dc=test, dc=prt
    Scope: subtree (0x02)
    Derefence: Never (0x00)
    Size Limit: 0
    Time Limit: 4
    Attributes only: False
    Filter: (&(objectclass=person)(sAMAccountName=%u))
    Attribute: uid

???? We are not sending this attribute and we do not know where it is specified on Freeradius.

Here are the settings given for the LDAP module in radius.conf and the users file:

    #radius.conf
    ldap {
        server="xxx.xx.xxx.xxx"
        identity =""    # If this is supposed to be the bind dn???
        password = "mypassword"
        basedn ="dc=test,dc=prt"
        #filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
        filter ="(&(objectclass=person) (sAMAccountName=%u))"

        # set this to 'yes' to use TLS encrypted connections
        # to the LDAP database by using the StartTLS extended
        # operation.
        # The StartTLS operation is supposed to be used with normal
        # ldap connections instead of using ldaps (port 689) connections
        start_tls = no

        # tls_cacertfile = /path/to/cacert.pem
        # tls_cacertdir = /path/to/ca/dir/
        # tls_certfile = /path/to/radius.crt
        # tls_keyfile = /path/to/radius.key
        # tls_randfile = /path/to/rnd
        # tls_require_cert = "demand"

        # default_profile = "cn=radprofile,ou=dialup,o=My Org,c=UA"
        # profile_attribute = "radiusProfileDn"
        access_attr = "dialupAccess"

        # Mapping of RADIUS dictionary attributes to LDAP
        # directory attributes.
        dictionary_mapping = ${raddbdir}/ldap.attrmap

        ldap_connections_number = 5
        timeout =5
        timelimit =4
        net_timeout =2
        compare_check_items = yes
    }

    authenticate {
        Auth-Type PAP {
            pap
        }
        Auth-Type CHAP {
            chap
        }
        Auth-Type MS-CHAP {
            mschap
        }
        unix
        Auth-Type LDAP {
            ldap
        }
        eap
    }

    #users file
    DEFAULT Auth-Type := LDAP
            Fall-Through = 1

Can you please tell us if there is something wrong or if we are missing something on the configuration files?

Thanks in advance,
Nataly

On 2/25/06, Alan DeKok <[EMAIL PROTECTED]> wrote:
> "Natalia Escalera" <[EMAIL PROTECTED]> wrote:
> > I am setting up freeradius with Microsoft Active Directory. So far, I
> > am able to connect to the server but not to authenticate a user. Can
> > you please give me a hint of how the configuration files need to be
> > set in order to authenticate the user.
>
> If the RADIUS packets have clear-text passwords, then the normal
> LDAP module should work. If you're using PEAP or MS-CHAP, read
> "radiusd.conf", and use "ntlm_auth".
>
> > Also, what is "3D" used for? (Example: server =3D your.ad.server.org ...)
>
> Nothing. It's an artifact of stupid mailers. 3D is ASCII for '='.
>
> Alan DeKok.
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html