well, I changed conf.php to
"lookupuserbeforeauth" => 1, # set this to 1 to have VCL use
masterlogin to lookup the full DN of the user
#
and use that for the ldap bind to auth the user instead of just using the
userid
#
field from above
"lookupuserfield" => 'samaccountname'and it's working
