Authentication with multiple AD

2012-01-25 Thread Pavel Klochan
Hi. I need advice/help with my problem.
I'm trying to authenticate with 2 LDAP-servers from freeradius, but without
success.
I have two AD with different domains (e.g. domain1 and domain2, and they
are not linked). I'm trying to authenticate by UPN (username@domainX). I
thought it would be possible to regexp User-Name in Authenticate section
and substitute values of LDAP config, but it doesn't work. In
sites-enabled/default Authenticate section:
if (User-Name =~ /domain1/i) {
    Server1
}
elsif (User-Name =~ /domain2/i) {
    Server2
}
in modules/ldap I have:
ldap Server1 {
    server = x.x.x.x
    identity = user
    password = pass
    basedn = DC=example1,DC=com
    filter = (userPrincipalName=%{User-Name})
    ldap_connections_number = 5
    timeout = 10
    timelimit = 3
    net_timeout = 1
    tls {
        start_tls = no
    }
    dictionary_mapping = ${confdir}/ldap.attrmap
    edir_account_policy_check = no
    groupname_attribute = cn
    groupmembership_filter = (|((objectClass=GroupOfNames)(member=%{Ldap-UserDn}))((objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))
    groupmembership_attribute = memberOf
    chase_referrals = yes
    rebind = yes
}

ldap Server2 {
    server = x.x.x.x
    identity = user
    password = pass
    basedn = DC=example2,DC=com
    filter = (userPrincipalName=%{User-Name})
    ldap_connections_number = 5
    timeout = 10
    timelimit = 3
    net_timeout = 1
    tls {
        start_tls = no
    }
    dictionary_mapping = ${confdir}/ldap.attrmap
    edir_account_policy_check = no
    groupname_attribute = cn
    groupmembership_filter = (|((objectClass=GroupOfNames)(member=%{Ldap-UserDn}))((objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))
    groupmembership_attribute = memberOf
    chase_referrals = yes
    rebind = yes
    #   ldap_debug = 0x
}

If user@domain1 (or any other) belongs to group mobile in AD - I send
Access-Accept.
When I start FreeRadius in debug mode - I don't see any regexp information.
With current config-file freeradius will use only ldap server2 to
authenticate users.
Is there any way to authenticate with multiple AD?

Thanks
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
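
Added example, not part of the thread and not FreeRADIUS configuration: a Python sketch of the realm-routing decision the first post's regex is meant to make. It contrasts the unanchored /domain1/i test with a match on the exact suffix after the last '@', and escapes the name before it goes into the (userPrincipalName=...) filter; the realm-to-module mapping and the sample names are constructed.

```python
import re

# Constructed mapping: UPN suffix -> ldap module instance name used in the post.
REALM_TO_MODULE = {"domain1": "Server1", "domain2": "Server2"}

# RFC 4515 characters that must be escaped inside a search-filter value.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def unanchored_route(user_name):
    """Mirror the post's /domain1/i then /domain2/i tests: first substring hit wins."""
    for realm, module in REALM_TO_MODULE.items():
        if re.search(realm, user_name, re.IGNORECASE):
            return module
    return None


def anchored_route(user_name):
    """Route on the exact realm after the last '@'; reject names without one."""
    local, sep, realm = user_name.rpartition("@")
    if not sep or not local:
        return None
    return REALM_TO_MODULE.get(realm.lower())


def upn_filter(user_name):
    """Build (userPrincipalName=...) with the value escaped per RFC 4515."""
    escaped = "".join(_FILTER_ESCAPES.get(ch, ch) for ch in user_name)
    return "(userPrincipalName=%s)" % escaped


def plan(user_name):
    """Return (module, filter) for a routable name, or None to reject."""
    module = anchored_route(user_name)
    return (module, upn_filter(user_name)) if module else None


if __name__ == "__main__":
    # Constructed sample names, not taken from the thread.
    for name in ["alice@domain1", "bob@DOMAIN2", "domain1.admin@domain2",
                 "carol", "a*)(cn=*@domain1"]:
        print("%-24s unanchored=%-8s plan=%s"
              % (name, unanchored_route(name), plan(name)))
```

The name domain1.admin@domain2 is the case to watch: the substring test sends it to Server1, while the suffix match sends it to Server2.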


Re: Authentication with multiple AD

2012-01-25 Thread NdK
On 25/01/2012 11:19, Pavel Klochan wrote:
> Hi. I need advice/help with my problem.
> I'm trying to authenticate with 2 LDAP-servers from freeradius, but
> without success.
I'm just a newbie, but have you tried proxying requests to two different
local servers?

BYtE,
 Diego.