I've crawled the web for info and tried numerous things to get FreeRadius authenticating users with a 2003 Active Directory.
I'm currently running FreeRadius (with MySQL) on RHEL4 using the RPMs included with RHEL4:

freeradius-1.0.1-3.RHEL4
freeradius-mysql-1.0.1-3.RHEL4

Running radiusd in debug mode (-X) shows a successful bind to the AD server. I then can see rlm_ldap performing a search, which eventually fails:

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
<snip>
rlm_ldap: Bind was successful
rlm_ldap: performing search in cn=Users,dc=org,dc=my,dc=domain,dc=com, with filter cn=administrator
ldap_search
put_filter: "cn=administrator"
put_filter: default
put_simple_filter: "cn=administrator"
ldap_send_initial_request
ldap_send_server_request
ldap_result msgid 2
ldap_chkResponseList for msgid=2, all=1
ldap_chkResponseList returns NULL
wait4msg (timeout 4 sec, 0 usec), msgid 2
wait4msg continue, msgid 2, all 1
** Connections:
* host: org.my.domain.com  port: 389 (default)
  refcnt: 2  status: Connected
  last used: Wed May 24 12:14:51 2006
** Outstanding Requests:
 * msgid 2,  origid 2, status InProgress
   outstanding referrals 0, parent count 0
** Response Queue:
   Empty
ldap_chkResponseList for msgid=2, all=1
ldap_chkResponseList returns NULL
ldap_int_select
read1msg: msgid 2, all 1
ldap_read: message type search-result msgid 2, original id 2
ldap_chase_referrals
read1msg: V2 referral chased, mark request completed, id = 2
new result:  res_errno: 1, res_error: <00000000: LdapErr: DSID-0C090627, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, vece>, res_matched: <>
read1msg:  0 new referrals
read1msg:  mark request completed, id = 2
request 2 done
res_errno: 1, res_error: <00000000: LdapErr: DSID-0C090627, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, vece>, res_matched: <>
ldap_free_request (origid 2, msgid 2)
ldap_free_connection
ldap_free_connection: refcnt 1
ldap_parse_result
ldap_err2string
rlm_ldap: ldap_search() failed: Operations error
ldap_msgfree
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authenticate]: module "ldap" returns fail for request 0
modcall: group authenticate returns fail for request 0
auth: Failed to validate the user.
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

I'm not sure if I'm using the wrong ldap search or what. Here's my ldap section of radiusd.conf:

server = "org.my.domain.com"
ldap_debug = 0xFFFF
basedn = "cn=Users,dc=org,dc=my,dc=domain,dc=com"
filter = "cn=%u"
start_tls = no
access_attr = "dialupAccess"
dictionary_mapping = ${raddbdir}/ldap.attrmap
ldap_connections_number = 5
timeout = 4
timelimit = 3
net_timeout = 1

Although I'd like to avoid it, would it be easier to install SAMBA on the RHES4 box, connect SAMBA to AD, and then connect FreeRadius to SAMBA? I've also come across possible issues with certain versions of openldap and 2003 AD.

As soon as this part is working I'll be authenticating wireless users (using Cisco APs) as well. But I think that should run fairly smoothly as soon as FreeRadius and AD are talking the same language.

I hope there are some Radius/AD gurus out there? Many thanks in advance...

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
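The debug output above already contains the diagnosis. The posted ldap section has no identity/password, so rlm_ldap binds anonymously. Active Directory accepts an anonymous bind (hence "Bind was successful") but refuses to service a search on an unauthenticated connection, which is exactly what the LdapErr comment says. The fix is to give rlm_ldap a low-privilege bind account and to search on the attribute users actually log in with (sAMAccountName, not cn). The following ldap module section is an added example written against the FreeRADIUS 1.0.x rlm_ldap options, not the original poster's configuration; the bind DN, its password, and the assumed "radius" service account are placeholders.

```conf
# Added example: rlm_ldap section for FreeRADIUS 1.0.x against Windows 2003 AD.
# The bind account "radius" is an assumption; create an ordinary, unprivileged
# domain user for this purpose and never use the Administrator account here.
ldap {
        server = "org.my.domain.com"
        ldap_debug = 0xFFFF

        # AD will not answer searches on an anonymous connection, so the
        # module must bind with real credentials before it can look up users.
        identity = "cn=radius,cn=Users,dc=org,dc=my,dc=domain,dc=com"
        password = "CHANGE-ME"

        basedn = "cn=Users,dc=org,dc=my,dc=domain,dc=com"

        # Users log in with their sAMAccountName; cn is the display name and
        # will not match for most accounts. Strip any realm before matching.
        filter = "(sAMAccountName=%{Stripped-User-Name:-%{User-Name}})"

        # Plain LDAP on 389 sends the bind password and the users' passwords
        # in clear; turn this on (and install the domain CA cert) when
        # the DC has a certificate.
        start_tls = no

        # AD does not have a "dialupAccess" attribute. If access_attr names an
        # attribute that is absent from the user entry, rlm_ldap 1.x rejects
        # the user, so leave it unset until you have a real attribute to test.
        # access_attr = "dialupAccess"

        dictionary_mapping = ${raddbdir}/ldap.attrmap
        ldap_connections_number = 5
        timeout = 4
        timelimit = 3
        net_timeout = 1
}
```

Two checks are worth running before touching radiusd again. First, reproduce the failure and the fix with the OpenLDAP client from the RHEL4 box: an anonymous search such as ldapsearch -x -H ldap://org.my.domain.com -b "cn=Users,dc=org,dc=my,dc=domain,dc=com" "(sAMAccountName=administrator)" should return the same "Operations error", and the same command with -D "cn=radius,cn=Users,dc=org,dc=my,dc=domain,dc=com" -W should return the entry. Second, note that this configuration only gives you PAP: AD does not expose userPassword, so rlm_ldap can only verify a cleartext password by binding as the user (Auth-Type LDAP). Wireless clients doing PEAP or EAP-MSCHAPv2 send an MS-CHAPv2 challenge/response instead of a password, which an LDAP bind cannot verify; that is the case where Samba/winbind and ntlm_auth, as mentioned in the question, are actually needed.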