3.48.2. AuthUser Previous topic Parent topic Child topic Next topic

This parameter defines how to construct the Active Directory user name to be authenticated by Active Directory. You can choose whether to use standard NTLM user names or AD Distinguished Names. This is a different concept to BindString, which specifies what AD object to get account details from.
The default is %0, which will try to authenticate the user name sent by the NAS (after RewriteUsernames have been applied).
This example will authenticate the user from an AD user record in the ‘csx users’ Organizational Unit, and get account details from the same AD record. Unlike NTLM user names, it will even work for user names with spaces in them. Note that you need to specify AuthFlags of 0 in order to use an Active Directory DN in AuthUser.
BindString LDAP://cn=%0,ou=csx users,dc=open,dc=com,dc=au
AuthUser cn=%0,ou=csx users,dc=open,dc=com,dc=au
AuthFlags 0