Hi. I need advise/help with my problem. I'm trying to authenticate with 2 LDAP-servers from freeradius, but without success. I have two AD with different domains (e.g. domain1 and domain2, and they are not linked). I'm trying to authenticate by UPN (username@domainX). I thought it would be possible to regexp User-Name in Authenticate section and substitute values of LDAP config, but it doesn't work. In sites-enables/default Authenticate section: if (User-Name =~ /domain1/i) { Server1 } elsif (User-Name =~ /domain2/i) { Server2 } in modules/ldap I have: ldap Server1 { server = "x.x.x.x" identity = "user" password = pass basedn = "DC=example1,DC=com" filter = "(userPrincipalName=%{User-Name})" ldap_connections_number = 5 timeout = 10 timelimit = 3 net_timeout = 1 tls { start_tls = no } dictionary_mapping = ${confdir}/ldap.attrmap edir_account_policy_check = no groupname_attribute = cn groupmembership_filter = "(|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))" groupmembership_attribute = memberOf chase_referrals = yes rebind = yes }
ldap Server2 { server = "x.x.x.x" identity = "user" password = pass basedn = "DC=example2,DC=com" } filter = "(userPrincipalName=%{User-Name})" ldap_connections_number = 5 timeout = 10 timelimit = 3 net_timeout = 1 tls { start_tls = no } dictionary_mapping = ${confdir}/ldap.attrmap edir_account_policy_check = no groupname_attribute = cn groupmembership_filter = "(|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))" groupmembership_attribute = memberOf chase_referrals = yes rebind = yes # ldap_debug = 0xFFFF } If user@domain1 (on any other) belongs to group "mobile" in AD - I send Access-Accept. When I start FreeRadius in debug mode - I don't see any regexp information. With current config-file freeradius will use only ldap server2 to authenticate users. Is any way to te authenticate with multiple AD Thanks
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html