> -----Original Message-----
> From: [EMAIL PROTECTED] eradius.org [mailto:freeradius-users-[EMAIL PROTECTED] On Behalf Of Jacob Jarick
> Sent: Sunday, 29 April 2007 20:48
> To: FreeRadius users mailing list
> Subject: Re: Freeradius Auth via LDAP against Active Directory Server 2003
>
> OK tried with 1.1.4 and yerp works great.
>
> radiusd -X output: http://pastebin.ca/464153
> radiusd.conf: http://pastebin.ca/464156
>
> I also realised a mistake I have been making, see I want to search the whole active directory, hence I kept setting my basedn without an ou.
> After seeing your excellent example and auth'ing had failed I stuck in an OU and tried a user from the OU and worked fine.
>
> So my question is this, to auth people from multiple OUs do I create a new ldap module for each OU or is there a simpler way?
>
You should be able to set the base DN at the parent node, because the search is a subtree search. In my setup (openldap, not AD) I also use the base_filter directive in radiusd.conf to restrict the type of records to be searched.

I use

    base_filter = "(objectclass=radiusprofile)"

You should use

    base_filter = "(objectclass=user)"

This goes into the ldap section somewhere near the basedn line.

Regards,
Frank Ranner

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
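
The single-module layout described in the reply above, as an added example that is not part of the original message or the poster's configuration. The server name, bind account, password and DNs are constructed placeholders, and the `sAMAccountName` lookup filter is an assumption about how users log in.

```conf
# Added illustration for radiusd.conf; every value below is a constructed placeholder.
ldap {
	# Placeholder AD domain controller
	server = "dc01.example.com"

	# Placeholder bind account: a dedicated, low-privilege account that
	# only needs to search and read user entries
	identity = "cn=radius-bind,ou=Service,dc=example,dc=com"
	password = "CHANGE_ME"

	# One parent node above every OU that holds users. The reply notes the
	# search is a subtree search, so one module covers all OUs below it.
	basedn = "ou=Staff,dc=example,dc=com"

	# User lookup by AD logon name (assumed attribute: sAMAccountName)
	filter = "(sAMAccountName=%{Stripped-User-Name:-%{User-Name}})"

	# Value the reply recommends for Active Directory
	base_filter = "(objectclass=user)"
}
```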