Hi, I spent some time trying to get FR+AD working together, and presently I'm using ntlm to authenticate users through mschap against the AD. It is working.
Next step is to try to allow access only to specific users belonging to a group from the AD, but it is not working. I post here the important things I have configured until now:

1. users file:

    DEFAULT Ldap-Group != "wireless", Auth-Type := Reject

2. /usr/local/etc/raddb/sites-enabled/inner-tunnel and default:

    # uncommented ldap from authorize function

3. /modules/ldap:

    server = "192.168.1.10"
    port = 389
    identity = "cn=Administrator,cn=users,dc=DOT1X,dc=local"
    password = 123456
    basedn = "dc=DOT1X,dc=local"
    filter = "(&(sAMAccountName=%{Stripped-User-Name:-%{User-Name}}))"
    base_filter = "(objectclass=radiusprofile)"
    groupmembership_filter = "(|(&(objectClass=group)(member=%{Ldap-UserDn}))(&(objectClass=top)(uniquemember=%{Ldap-UserDn})))"
    groupmembership_attribute = memberOf

Do you have any idea what can be missing? I also send the debug:

    ldap_chase_v3referral: msgid 15, url "ldap://dot1x.local/CN=Configuration,DC=dot1x,DC=local"
    ldap_send_server_request
    ldap_new_connection 0 1 1
    ldap_int_open_connection
    ldap_connect_to_host: TCP dot1x.local:389
    ldap_new_socket: 15
    ldap_prepare_socket: 15
    ldap_connect_to_host: Trying 192.168.1.10:389
    ldap_pvt_connect: fd: 15 tm: 1 async: 0
    ldap_ndelay_on: 15
    ldap_int_poll: fd: 15 tm: 1
    ldap_is_sock_ready: 15
    ldap_ndelay_off: 15
    ldap_pvt_connect: 0
    anonymous rebind via ldap_sasl_bind("")
    ldap_sasl_bind
    ldap_send_initial_request
    ldap_send_server_request
    ldap_result ld 0x818f1f8 msgid 25
    wait4msg ld 0x818f1f8 msgid 25 (timeout 100000 usec)
    wait4msg continue ld 0x818f1f8 msgid 25 all 1
    ** ld 0x818f1f8 Connections:
    * host: dot1x.local port: 0 refcnt: 2 status: Connected
      last used: Wed Sep 23 21:25:55 2009
      rebind in progress
      queue is empty
    * host: DomainDnsZones.dot1x.local port: 0 refcnt: 1 status: Connected
      last used: Wed Sep 23 21:25:55 2009
    * host: 192.168.1.10 port: 389 (default) refcnt: 2 status: Connected
      last used: Wed Sep 23 21:25:55 2009
    ** ld 0x818f1f8 Outstanding Requests:
    * msgid 25, origid 25, status InProgress
      outstanding referrals 0, parent count 0
    * msgid 22, origid 15, status InProgress
      outstanding referrals 0, parent count 3
    * msgid 18, origid 15, status RequestCompleted
      outstanding referrals 0, parent count 2
    * msgid 16, origid 15, status RequestCompleted
      outstanding referrals 0, parent count 1
    * msgid 15, origid 15, status ChasingRefs
      outstanding referrals 2, parent count 3
      ld 0x818f1f8 request count 5 (abandoned 0)
    ** ld 0x818f1f8 Response Queue:
    * msgid 15, type 115
      chained responses:
      * msgid 15, type 115
      * msgid 15, type 115
      ld 0x818f1f8 response count 1
    ldap_chkResponseList ld 0x818f1f8 msgid 25 all 1
    ldap_chkResponseList returns ld 0x818f1f8 NULL
    ldap_int_select
    read1msg: ld 0x818f1f8 msgid 25 all 1
    read1msg: ld 0x818f1f8 msgid 25 message type bind
    read1msg: ld 0x818f1f8 0 new referrals
    read1msg: mark request completed, ld 0x818f1f8 msgid 25
    request done: ld 0x818f1f8 msgid 25
    res_errno: 0, res_error: <>, res_matched: <>
    ldap_free_request (origid 25, msgid 25)
    ldap_free_connection 0 1
    ldap_free_connection: refcnt 1
    ldap_parse_result
    ldap_msgfree
    read1msg: search ref chased, mark request chasing refs, id = 15
    adding response ld 0x818f1f8 msgid 15 type 115:
    wait4msg ld 0x818f1f8 3 s 972321 us to go
    wait4msg continue ld 0x818f1f8 msgid 15 all 1
    ** ld 0x818f1f8 Connections:
    * host: dot1x.local port: 0 refcnt: 1 status: Connected
      last used: Wed Sep 23 21:25:55 2009
    * host: DomainDnsZones.dot1x.local port: 0 refcnt: 1 status: Connected
      last used: Wed Sep 23 21:25:55 2009
    * host: 192.168.1.10 port: 389 (default) refcnt: 2 status: Connected
      last used: Wed Sep 23 21:25:55 2009
    ** ld 0x818f1f8 Outstanding Requests:
    * msgid 24, origid 15, status InProgress
      outstanding referrals 0, parent count 4
    * msgid 22, origid 15, status InProgress
      outstanding referrals 0, parent count 3
    * msgid 18, origid 15, status RequestCompleted
      outstanding referrals 0, parent count 2
    * msgid 16, origid 15, status RequestCompleted
      outstanding referrals 0, parent count 1
    * msgid 15, origid 15, status ChasingRefs
      outstanding referrals 2, parent count 4
      ld 0x818f1f8 request count 5 (abandoned 0)
    ** ld 0x818f1f8 Response Queue:
    * msgid 15, type 115
      chained responses:
      * msgid 15, type 115
      * msgid 15, type 115
      * msgid 15, type 115
      ld 0x818f1f8 response count 1
    ldap_chkResponseList ld 0x818f1f8 msgid 15 all 1
    ldap_chkResponseList returns ld 0x818f1f8 NULL
    ldap_int_select
    read1msg: ld 0x818f1f8 msgid 15 all 1
    read1msg: ld 0x818f1f8 msgid 22 message type search-result
    ldap_chase_referrals
    read1msg: V2 referral chased, mark request completed, id = 22
    read1msg: ld 0x818f1f8 0 new referrals
    read1msg: mark request completed, ld 0x818f1f8 msgid 22
    merged parent (id 15) error info: result errno 1, error <>, matched <>
    ldap_free_connection 0 1
    ldap_send_unbind
    ldap_free_connection: actually freed
    wait4msg ld 0x818f1f8 3 s 972094 us to go
    wait4msg continue ld 0x818f1f8 msgid 15 all 1
    ** ld 0x818f1f8 Connections:
    * host: dot1x.local port: 0 refcnt: 1 status: Connected
      last used: Wed Sep 23 21:25:55 2009
    * host: 192.168.1.10 port: 389 (default) refcnt: 2 status: Connected
      last used: Wed Sep 23 21:25:55 2009
    ** ld 0x818f1f8 Outstanding Requests:
    * msgid 24, origid 15, status InProgress
      outstanding referrals 0, parent count 4
    * msgid 22, origid 15, status RequestCompleted
      outstanding referrals 0, parent count 3
    * msgid 18, origid 15, status RequestCompleted
      outstanding referrals 0, parent count 2
    * msgid 16, origid 15, status RequestCompleted
      outstanding referrals 0, parent count 1
    * msgid 15, origid 15, status ChasingRefs
      outstanding referrals 1, parent count 4
      ld 0x818f1f8 request count 5 (abandoned 0)
    ** ld 0x818f1f8 Response Queue:
    * msgid 15, type 115
      chained responses:
      * msgid 15, type 115
      * msgid 15, type 115
      * msgid 15, type 115
      ld 0x818f1f8 response count 1
    ldap_chkResponseList ld 0x818f1f8 msgid 15 all 1
    ldap_chkResponseList returns ld 0x818f1f8 NULL
    ldap_int_select
    read1msg: ld 0x818f1f8 msgid 15 all 1
    read1msg: ld 0x818f1f8 msgid 15 message type search-result
    read1msg: ld 0x818f1f8 0 new referrals
    read1msg: mark request completed, ld 0x818f1f8 msgid 15
    ldap_free_connection 0 1
    ldap_free_connection: refcnt 1
    wait4msg ld 0x818f1f8 3 s 971737 us to go
    wait4msg continue ld 0x818f1f8 msgid 15 all 1
    ** ld 0x818f1f8 Connections:
    * host: dot1x.local port: 0 refcnt: 1 status: Connected
      last used: Wed Sep 23 21:25:55 2009
    * host: 192.168.1.10 port: 389 (default) refcnt: 1 status: Connected
      last used: Wed Sep 23 21:25:55 2009
    ** ld 0x818f1f8 Outstanding Requests:
    * msgid 24, origid 15, status InProgress
      outstanding referrals 0, parent count 4
    * msgid 22, origid 15, status RequestCompleted
      outstanding referrals 0, parent count 3
    * msgid 18, origid 15, status RequestCompleted
      outstanding referrals 0, parent count 2
    * msgid 16, origid 15, status RequestCompleted
      outstanding referrals 0, parent count 1
    * msgid 15, origid 15, status RequestCompleted
      outstanding referrals 1, parent count 4
      ld 0x818f1f8 request count 5 (abandoned 0)
    ** ld 0x818f1f8 Response Queue:
    * msgid 15, type 115
      chained responses:
      * msgid 15, type 115
      * msgid 15, type 115
      * msgid 15, type 115
      ld 0x818f1f8 response count 1
    ldap_chkResponseList ld 0x818f1f8 msgid 15 all 1
    ldap_chkResponseList returns ld 0x818f1f8 NULL
    ldap_int_select
    read1msg: ld 0x818f1f8 msgid 15 all 1
    read1msg: ld 0x818f1f8 msgid 24 message type search-result
    ldap_chase_referrals
    read1msg: V2 referral chased, mark request completed, id = 24
    read1msg: ld 0x818f1f8 0 new referrals
    read1msg: mark request completed, ld 0x818f1f8 msgid 24
    merged parent (id 15) error info: result errno 1, error <00000000: LdapErr: DSID-0C090627, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, vece>, matched <>
    request done: ld 0x818f1f8 msgid 15
    res_errno: 1, res_error: <00000000: LdapErr: DSID-0C090627, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, vece>, res_matched: <>
    ldap_free_request (origid 15, msgid 15)
    ldap_free_request (origid 15, msgid 24)
    ldap_free_request (origid 15, msgid 22)
    ldap_free_request (origid 15, msgid 18)
    ldap_free_request (origid 15, msgid 16)
    ldap_free_connection 0 1
    ldap_send_unbind
    ldap_free_connection: actually freed
    adding response ld 0x818f1f8 msgid 15 type 101:
    ldap_parse_result
    ldap_err2string
    rlm_ldap: ldap_search() failed: Operations error
    ldap_msgfree
      [ldap] search failed
    rlm_ldap: ldap_release_conn: Release Id: 0
    ++[ldap] returns fail
    Using Post-Auth-Type Reject
    +- entering group REJECT {...}
    [attr_filter.access_reject] expand: %{User-Name} -> dot1x\user3
     attr_filter: Matched entry DEFAULT at line 11
    ++[attr_filter.access_reject] returns updated
    Delaying reject of request 1 for 1 seconds
    Going to the next request
    Waking up in 0.9 seconds.
    Sending delayed reject for request 1
    Sending Access-Reject of id 66 to 192.168.1.7 port 1645
    Waking up in 4.9 seconds

--
View this message in context: http://www.nabble.com/Allow-users-from-a-specific-DA-group-tp25544888p25544888.html
Sent from the FreeRadius - User mailing list archive at Nabble.com.

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
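The debug output above shows a specific failure chain rather than a group-membership problem: the user search under dc=DOT1X,dc=local makes AD return referrals for its Configuration and DomainDnsZones partitions, libldap follows the referral on a new connection and rebinds anonymously ("anonymous rebind via ldap_sasl_bind("")"), AD refuses the unbound search ("a successful bind must be completed on the connection"), and rlm_ldap merges that into "Operations error" and returns fail, so the user is rejected before Ldap-Group is ever evaluated. The script below is an added triage helper, not the poster's code and not part of FreeRADIUS: it scans a radiusd -X transcript for that chain and lists the defender-side changes to consider. The sample lines are condensed from the post's own debug output; the rlm_ldap option names chase_referrals and rebind are assumptions about the poster's rlm_ldap version and should be checked against that version's raddb/modules/ldap comments.

```python
"""Triage helper for libldap / rlm_ldap debug output (added example, not the poster's code).

It recognises the referral-chasing failure pattern: a referral is chased, the
new connection is rebound anonymously, AD refuses the unbound search, and
rlm_ldap reports "Operations error" and returns fail.
"""
import re

# Constructed sample: lines condensed from the debug output in the post,
# with the repeated connection/request dumps left out.
SAMPLE_DEBUG = """\
ldap_chase_v3referral: msgid 15, url "ldap://dot1x.local/CN=Configuration,DC=dot1x,DC=local"
ldap_connect_to_host: TCP dot1x.local:389
anonymous rebind via ldap_sasl_bind("")
* host: dot1x.local port: 0 refcnt: 2 status: Connected
* host: DomainDnsZones.dot1x.local port: 0 refcnt: 1 status: Connected
* host: 192.168.1.10 port: 389 (default) refcnt: 2 status: Connected
read1msg: search ref chased, mark request chasing refs, id = 15
merged parent (id 15) error info: result errno 1, error <00000000: LdapErr: DSID-0C090627, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, vece>, matched <>
rlm_ldap: ldap_search() failed: Operations error
++[ldap] returns fail
Using Post-Auth-Type Reject
"""

REFERRAL_URL = re.compile(r'ldap_chase_v3referral: msgid (\d+), url "([^"]+)"')
HOST_LINE = re.compile(r'^\* host: (\S+) port: (\d+)', re.M)
ANON_REBIND = 'anonymous rebind via ldap_sasl_bind("")'
NEEDS_BIND = 'a successful bind must be completed on the connection'
OPS_ERROR = 'rlm_ldap: ldap_search() failed: Operations error'
MODULE_FAIL = '++[ldap] returns fail'


def diagnose(debug_text):
    """Return a dict describing what the transcript shows and what to change."""
    referrals = REFERRAL_URL.findall(debug_text)
    hosts = sorted({host for host, _port in HOST_LINE.findall(debug_text)})
    findings = {
        'referral_urls': [url for _msgid, url in referrals],
        'hosts_contacted': hosts,
        'anonymous_rebind': ANON_REBIND in debug_text,
        'ad_refused_unbound_search': NEEDS_BIND in debug_text,
        'rlm_ldap_operations_error': OPS_ERROR in debug_text,
        'ldap_module_failed': MODULE_FAIL in debug_text,
    }
    # The chain that matters: referral chased -> anonymous rebind ->
    # AD refuses -> rlm_ldap search fails.
    findings['referral_rebind_failure'] = (
        bool(referrals)
        and findings['anonymous_rebind']
        and findings['ad_refused_unbound_search']
        and findings['rlm_ldap_operations_error']
    )
    findings['mitigations'] = mitigations(findings)
    return findings


def mitigations(findings):
    """Configuration changes to consider when the pattern is present.

    The option names chase_referrals and rebind are assumed rlm_ldap 2.x
    options; verify them in the raddb/modules/ldap shipped with your version.
    """
    if not findings['referral_rebind_failure']:
        return []
    return [
        'Stop following AD referrals for the user lookup: chase_referrals = no',
        'Or keep chasing but rebind with the configured identity: rebind = yes',
        'Or query the Global Catalog (port 3268), which does not return these '
        'partition referrals for a subtree search under the domain root',
        'Or narrow basedn to the container holding the users so the search '
        'never touches the Configuration/DomainDnsZones partitions',
    ]


if __name__ == '__main__':
    for key, value in diagnose(SAMPLE_DEBUG).items():
        print(f'{key}: {value}')
```

Run it against a full radiusd -X capture (pipe the file contents into diagnose()) rather than the condensed sample; the pattern keys stay the same, and referral_rebind_failure is only set when all four links of the chain are present, so a plain group-filter mistake will not be misreported as a referral problem.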