ldap authentication works on v1.1.4 but fails on 2.1.3

tnt at kalik.net
Sun Mar 15 22:55:50 CET 2009


>I've been successfully using FreeRADIUS 1.1.4 to authenticate users
>against Active Directory using LDAP and a plaintext password.
>
>In the authorize section FreeRADIUS anonymously binds to our LDAP server
>(Active Directory) and searches for the user identified in the
>Access-Request (in my case we change the default search filter to
>'sAMAccountName' as our AD doesn't contain 'uid'). If a match is found I
>think the user's full Distinguished Name (e.g.
>CN=bill,DC=foo,DC=ac,DC=uk) is added to the list of check items, and
>Auth-Type is set to 'ldap'. In the authenticate section, FreeRADIUS
>binds to the LDAP server using the user's full DN and the password
>supplied in the Access-Request. If the bind is successful, the user is
>authenticated because the password must have been correct.
>
>I've recently updated a server to FreeRADIUS 2.1.3 and all
>authentications now fail. LDAP is not set as the authentication method
>during the authorize section. I don't know why as I can't see any
>configuration options which I've set differently between the two
>versions. I still get the debug message "Info: [ldap] user <username>
>authorized to use remote access" in the authorize section, so this
>suggests that the anonymous bind and search work ok.
>
>Does anyone have any ideas? Have I made a stupid configuration error,
>or did I miss something in the latest documentation?
>

Uncomment set_auth_type = yes in raddb/modules/ldap.

Ivan Kalik
Kalik Informatika ISP
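
A way to check which state a given raddb/modules/ldap file is in after such an upgrade, as an added example (not part of the thread and not FreeRADIUS code): it reports whether set_auth_type is active, commented out, or missing at the top level of the ldap block. The sample file contents, the server value and the ldap_setting helper are constructed for illustration.

```python
import re

# Constructed sample of raddb/modules/ldap; the server value is a placeholder,
# the basedn and filter attribute follow the examples quoted in the thread.
SAMPLE_COMMENTED = """\
ldap {
    server = "ldap.example.org"
    basedn = "DC=foo,DC=ac,DC=uk"
    filter = "(sAMAccountName=%{User-Name})"
    tls {
        start_tls = no
    }
    # set_auth_type = yes
}
"""
SAMPLE_FIXED = SAMPLE_COMMENTED.replace("# set_auth_type", "set_auth_type")

ASSIGN = re.compile(r"^([A-Za-z_][\w-]*)\s*=\s*(.+)$")

def ldap_setting(text, key="set_auth_type"):
    """Return (state, value); state is 'active', 'commented' or 'missing'."""
    depth, ldap_depth, found = 0, None, ("missing", None)
    for raw in text.splitlines():
        line = raw.strip()
        commented = line.startswith("#")
        body = line.lstrip("#").strip()
        # Only top-level entries of the ldap block count, not sub-sections like tls { }.
        if ldap_depth is not None and depth == ldap_depth:
            m = ASSIGN.match(body)
            if m and m.group(1) == key:
                value = m.group(2).split("#")[0].strip().strip('"')
                if not commented:
                    return ("active", value)
                found = ("commented", value)
        if commented:
            continue
        # Drop quoted strings so braces in values such as %{User-Name} are not counted.
        bare = re.sub(r'"[^"]*"', '""', line)
        if ldap_depth is None and depth == 0 and re.match(r"^ldap(\s+\S+)?\s*\{", bare):
            ldap_depth = 1
        depth += bare.count("{") - bare.count("}")
        if ldap_depth is not None and depth < ldap_depth:
            ldap_depth = None  # left the ldap block
    return found

if __name__ == "__main__":
    print("before:", ldap_setting(SAMPLE_COMMENTED))
    print("after: ", ldap_setting(SAMPLE_FIXED))
```

A "commented" result corresponds to the situation the reply addresses; "active" is the state after uncommenting the line.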
