Re: Active directory groups

2011-05-20 Thread Doty, Seth
I must be doing something wrong in my filtering because it keeps dumping me into unclassified instead of passing the group I assigned. I have set up a security group specifically for this test and I am indeed in the group. I set it up like this in sites-enabled/inner-tunnel because it seemed this

Re: Active directory groups

2011-05-20 Thread Phil Mayers
On 20/05/11 15:14, Doty, Seth wrote: I must be doing something wrong in my filtering because it keeps dumping me into unclassified instead of passing the group I assigned. I have set up a security group specifically for this test and I am indeed in the group. I set it up like this in

Re: Active directory groups

2011-05-20 Thread Doty, Seth
I changed my baseDN to: basedn = ou=test,dc=AD,dc=ne,dc=gov and this results in the same failure in the group section. rlm_ldap: object not found rlm_ldap::ldap_groupcmp: search failed I can't remove the ou=test portion or authentication fails completely and I get a reject: [ldap] performing

Re: Active directory groups

2011-05-20 Thread Phil Mayers
On 20/05/11 16:27, Doty, Seth wrote: I changed my baseDN to: basedn = ou=test,dc=AD,dc=ne,dc=gov and this results in the same failure in the group section. rlm_ldap: object not found rlm_ldap::ldap_groupcmp: search failed I can't remove the ou=test portion or authentication fails completely and

Re: Active directory groups

2011-05-20 Thread Doty, Seth
That is the fun I am having. The baseDN of dc=AD,dc=ne,dc=gov DOES work from ldapsearch and these are actually the credentials I have received from our LDAP admins. One of the more specific options I received must be wrong. That all being said though you are responding with an answer that at

Re: Active directory groups

2011-05-18 Thread Marc Phillips
So far I have the ldap component querying AD correctly and I have the ntlm_auth component doing the same and each individually passing from a radtest. My question now revolves around passing the groups in our setup and if this is even possible using the protocols listed above. Unfortunately,

Re: Active directory groups

2011-05-18 Thread Phil Mayers
On 18/05/11 16:21, Doty, Seth wrote: So far I have the ldap component querying AD correctly and I have the ntlm_auth component doing the same and each individually passing from a radtest. My question now revolves around passing the groups in our setup and if this is even possible using the

RE: Active directory groups

2011-05-18 Thread Gary Gatten
=waddell@lists.freeradius.org [mailto:freeradius-users-bounces+ggatten=waddell@lists.freeradius.org] On Behalf Of Phil Mayers Sent: Wednesday, May 18, 2011 10:58 AM To: freeradius-users@lists.freeradius.org Subject: Re: Active directory groups On 18/05/11 16:21, Doty, Seth wrote: So far I

Re: Active directory groups

2011-05-18 Thread Phil Mayers
On 18/05/11 17:22, Gary Gatten wrote: If one has (just for example) 1000 groups, this is a lot of overhead Sure (I did see your query the other day - I just haven't had a chance to write up a reply, but see below) - checking every group. Also, what if they belong to several groups?