Thanks for the very detailed instructions.
I will attempt this shortly (bought rad ad servers home for weekend study).
Quite possibly the biggest learning curve for me is the ldap fields
but I am finally starting to get familiar with them.
Cheers again, will post back once I've run the radtest.
Hi David,
Thanks for your help! I use the port version of FR and also use portupgrade.
The FreeBSD base OpenSSL is indeed rather old, so I did have OpenSSL
(With_overwrite_Base) already installed from the ports.
I found something wrong with the server certificates (very strange, because
nothing
radiusd.conf: http://pastebin.ca/464133
radius -X output: http://pastebin.ca/464138
Tried with 1.1.6 and fails with this error:
rlm_ldap: reading ldap-radius mappings from file /etc/raddb/ldap.attrmap
rlm_ldap: Opening file /etc/raddb/ldap.attrmap failed
rlm_ldap: Reading dictionary mappings from
OK tried with 1.1.4 and yerp works great.
radiusd -X output: http://pastebin.ca/464153
radiusd.conf: http://pastebin.ca/464156
I also realised a mistake I have been making, see I want to search the
whole active directory, hence I kept setting my basedn without an ou.
After seeing your excellent
-Original Message-
From: [EMAIL PROTECTED] eradius.org [mailto:freeradius-users-[EMAIL PROTECTED] On Behalf Of Jacob Jarick
Sent: Sunday, 29 April 2007 20:48
To: FreeRadius users mailing list
Subject: Re: Freeradius Auth via LDAP against Active Directory Server 2003
OK
Thanks Frank,
Regarding searching base dn from parent node (correct term I hope) I
did try on the weekend but to no success but retrying today worked
fine :) (quite possibly me doing more than one change at a time
again).
I also added the filter as per your suggestion.
I appreciate the feedback
radiusd.conf: http://pastebin.ca/465399
radius -X output: http://pastebin.ca/465404
After following Phil's guide on the weekend I successfully got both
radtest and radping to return auth-accept packets. The default Windows
client wouldn't auth but they don't do PAP as I understand. I am
currently
radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = 'swinter' ORDER BY id'
radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM
Well, after some more googling I have come to the conclusion I need to
set up EAP-TTLS, which if I understand correctly supports tunneling of
PAP through SSL. So my current goal is to enable EAP-TTLS, test, then
report.
On 4/30/07, Jacob Jarick [EMAIL PROTECTED] wrote:
radiusd.conf: