On 09/10/12 07:51, martin.heinzm...@belden.com wrote:
> Hi, I thought the whole meaning of binding a freeRadius to an Active Directory is that I have from now on just to configure Users in the AD. So every device I want to authenticate on asks the FR which then asks the AD. So the AD will answer if the User is valid and which Service-Type he has.
Service-Type is a RADIUS thing. AD is a Microsoft LDAP server & some other protocols. It doesn't have a Service-Type attribute. You will need to query AD, and define a mapping from some AD attribute to Service-Type.
You will need to use the "ldap" module for this; see in particular ldap.attrmap that lets you define mappings from LDAP attributes to RADIUS reply attributes.
Note: the LDAP bit of AD is really separate from the "authentication" bit. They're separate, and are configured separately.
> On my AD Server I installed the Role NPS, configured a RADIUS-Client and some Network Policies. Maybe I am on the right way, maybe not... :-(
I doubt it. I don't see how that would help.
> The AD successfully tells the FR if the user is valid, just that Service-Type is missing.
Again - Service-Type is a RADIUS thing. AD doesn't speak RADIUS. You need to define a translation / mapping.
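The mapping the reply describes, modelled as an added example (not code from the thread or from FreeRADIUS): it parses one ldap.attrmap-style line and shows that a directory entry with no mapped attribute yields a reply with no Service-Type, which is the symptom reported above. The attribute name `exampleServiceTypeAttr`, the sample entries, and the choice to reject unknown Service-Type values are assumptions of this example.

```python
# Added illustration: a small model of an ldap.attrmap lookup, not FreeRADIUS code.
# "exampleServiceTypeAttr" is a hypothetical directory attribute name.

ATTRMAP = """\
# ItemType   RADIUS-Attribute-Name   ldapAttributeName
replyItem    Service-Type            exampleServiceTypeAttr
"""

# Service-Type value names defined in RFC 2865, section 5.6.
SERVICE_TYPES = {
    "Login-User", "Framed-User", "Callback-Login-User", "Callback-Framed-User",
    "Outbound-User", "Administrative-User", "NAS-Prompt-User",
    "Authenticate-Only", "Callback-NAS-Prompt", "Call-Check",
    "Callback-Administrative",
}

def parse_attrmap(text):
    """Return (item_type, radius_attr, ldap_attr) tuples from attrmap text."""
    rows = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("checkItem", "replyItem"):
            raise ValueError(f"bad attrmap line: {line!r}")
        rows.append((fields[0], fields[1], fields[2]))
    return rows

def build_reply(entry, rows):
    """Map a directory entry (attribute names case-insensitive) to reply attributes."""
    lowered = {k.lower(): v for k, v in entry.items()}
    reply = {}
    for item_type, radius_attr, ldap_attr in rows:
        values = lowered.get(ldap_attr.lower())
        if item_type != "replyItem" or not values:
            continue  # no directory value: the attribute is absent from the reply
        value = values[0]
        # Assumption of this example: refuse values that are not RFC 2865 names,
        # so a typo in the directory cannot silently change a user's access level.
        if radius_attr == "Service-Type" and value not in SERVICE_TYPES:
            raise ValueError(f"unknown Service-Type {value!r}")
        reply[radius_attr] = value
    return reply

# Constructed sample entries.
ADMIN = {"sAMAccountName": ["alice"], "exampleServiceTypeAttr": ["Administrative-User"]}
PLAIN = {"sAMAccountName": ["bob"]}
TYPO = {"sAMAccountName": ["carol"], "exampleServiceTypeAttr": ["Admin"]}
```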