Free radius authentication with AD using ldap
Vikash.Gounder at acu.edu.au
Tue Nov 29 00:29:33 CET 2011
So in this case what changes do I need to make in order for it to work.
Sorry am bit lost right now.
Thanks and appreciate it.
Sent from my iPhone
On 29/11/2011, at 10:22 AM, "Fajar A. Nugraha" <list at fajar.net> wrote:
> On Tue, Nov 29, 2011 at 4:03 AM, Vikash Gounder
> <Vikash.Gounder at acu.edu.au> wrote:
>> Hi Fajar,
>> Thanks so much for replying.
>> The debug log for local test against AD is attached:
>> Listening on authentication address * port 1812
>> Listening on accounting address * port 1813
>> Listening on command file /var/run/radiusd/radiusd.sock
>> Listening on proxy address * port 1814
>> Ready to process requests.
>> rad_recv: Access-Request packet from host 127.0.0.1 port 35067, id=16, length=61
>> User-Name = "uldaptest"
> See this line?
>> User-Password = "usk.173n!"
>> [ldap] user DN: CN=Unilinc ldaptest,OU=System Accounts,OU=Generic Accounts,DC=acustaff,DC=acu,DC=edu,DC=au
>> rlm_ldap: (re)connect to acustaff.acu.edu.au:3268, authentication 1
>> rlm_ldap: bind as CN=Unilinc ldaptest,OU=System Accounts,OU=Generic Accounts,DC=acustaff,DC=acu,DC=edu,DC=au/usk.173n! to acustaff.acu.edu.au:3268
>> rlm_ldap: waiting for bind result ...
>> rlm_ldap: Bind was successful
>> [ldap] user uldaptest authenticated succesfully
> This is ldap bind. It'll work if the user password is available as
> plain text in the request (e.g. using PAP with radtest). It will not
> work if the user password is not available in the request (e.g.
>> I got a question for you?? If only using for WPA, do I also need to configure samba and use nltm_auth, since this radius device will be used by ipad, netbooks etc etc etc....
> Yes, since you set your AP to use WPA2/radius auth the clients will
> usually use EAP-PEAP-MSCHAPv2, where user password is not available as
> plain text in the request.
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
More information about the Freeradius-Users