FreeRADIUS 3 + LDAP Module + Active Directory

Amir Kalhori kalhori at live.com
Thu Jun 8 23:28:35 CEST 2017


Hi Matthew,


I created the symlink and it works, thanks, but I get some warnings and errors:


(5)  WARNING: ldap : No "known good" password added. Ensure the admin user has permission to read the password attribute
(5)  WARNING: ldap : PAP authentication will *NOT* work with Active Directory (if that is what you were trying to configure)
rlm_ldap (ldap): Deleting connection (8)
rlm_ldap (ldap): 0 of 0 connections in use.  Need more spares
rlm_ldap (ldap): Opening additional connection (9)
rlm_ldap (ldap): Connecting to tourismit.ir:389
rlm_ldap (ldap): Waiting for bind result...
rlm_ldap (ldap): Bind successful
(5)   [ldap] = ok
(5)   [expiration] = noop
(5)   [logintime] = noop
(5)  WARNING: pap : No "known good" password found for the user.  Not setting Auth-Type
(5)  WARNING: pap : Authentication will fail unless a "known good" password is available
(5)   [pap] = noop
(5)  } #  authorize = ok
(5) ERROR: No Auth-Type found: rejecting the user via Post-Auth-Type = Reject
(5) Failed to authenticate the user
(5) Using Post-Auth-Type Reject
(5) # Executing group from file /etc/raddb/sites-enabled/default
(5)  Post-Auth-Type REJECT {
(5)  attr_filter.access_reject : EXPAND %{User-Name}
(5)  attr_filter.access_reject :    --> a.kalhori
(5)  attr_filter.access_reject : Matched entry DEFAULT at line 11
(5)   [attr_filter.access_reject] = updated
(5)  eap : Request didn't contain an EAP-Message, not inserting EAP-Failure
(5)   [eap] = noop
(5)   remove_reply_message_if_eap remove_reply_message_if_eap {
(5)     if (&reply:EAP-Message && &reply:Reply-Message)
(5)     if (&reply:EAP-Message && &reply:Reply-Message)  -> FALSE
(5)    else else {
(5)     [noop] = noop
(5)    } # else else = noop
(5)   } # remove_reply_message_if_eap remove_reply_message_if_eap = noop
(5)  } # Post-Auth-Type REJECT = updated
(5) Delaying response for 1 seconds
Waking up in 0.3 seconds.
Waking up in 0.6 seconds.
(5) Sending delayed response
(5) Sending Access-Reject packet to host 10.100.103.2 port 45423, id=33, length=0
Sending Access-Reject Id 33 from 10.10.100.30:1812 to 10.100.103.2:45423
Waking up in 3.9 seconds.
(5) Cleaning up request packet ID 33 with timestamp +801



________________________________
From: Freeradius-Users <freeradius-users-bounces+kalhori=live.com at lists.freeradius.org> on behalf of Matthew Newton <matthew at newtoncomputing.co.uk>
Sent: Thursday, June 8, 2017 8:41 PM
To: FreeRadius users mailing list
Subject: Re: FreeRADIUS 3 + LDAP Module + Active Directory



On 8 June 2017 21:32:49 BST, Amir Kalhori <kalhori at live.com> wrote:
>I am trying to integrate FreeRADIUS 3 with Active Directory through
>FreeRADIUS LDAP module and I do not want to use SAMBA!

Why not? It's generally the only sane way to do it with AD.

>After configuring LDAP I get the error below.
>
>/etc/raddb/sites-enabled/default[489]: Failed to find "ldap" in the "modules" section.

Symlink mods-available/ldap to mods-enabled/ldap so that the config is actually loaded.

--
Matthew

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
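
An added example, not part of the original message or of FreeRADIUS itself: a small Python triage script that groups `radiusd -X` debug lines by request number, collects each module's return code, and flags requests rejected because no Auth-Type was ever set, which is the failure in the log above. The sample lines are excerpted from that log; the function names `triage` and `no_auth_type` are hypothetical.

```python
import re
from collections import defaultdict

# Excerpted from the debug output quoted in the message above.
SAMPLE = '''
(5)  WARNING: ldap : No "known good" password added. Ensure the admin user has permission to read the password attribute
(5)  WARNING: ldap : PAP authentication will *NOT* work with Active Directory (if that is what you were trying to configure)
rlm_ldap (ldap): Bind successful
(5)   [ldap] = ok
(5)   [expiration] = noop
(5)   [logintime] = noop
(5)  WARNING: pap : No "known good" password found for the user.  Not setting Auth-Type
(5)   [pap] = noop
(5)  } #  authorize = ok
(5) ERROR: No Auth-Type found: rejecting the user via Post-Auth-Type = Reject
(5) Sending Access-Reject packet to host 10.100.103.2 port 45423, id=33, length=0
'''

REQ = re.compile(r'^\((\d+)\)\s+(.*)$')            # "(5)  <rest of line>"
MODULE_RC = re.compile(r'^\[(\S+)\] = (\w+)$')     # "[ldap] = ok"
FLAGGED = re.compile(r'^(WARNING|ERROR): (.*)$')
SENT = re.compile(r'^Sending (Access-\w+) packet')


def triage(debug_text):
    """Group debug lines by request number and summarise each request."""
    reqs = defaultdict(lambda: {"modules": [], "warnings": [],
                                "errors": [], "result": None})
    for line in debug_text.splitlines():
        m = REQ.match(line)
        if not m:
            continue  # server-wide lines (connection pool, timers) have no request id
        req, body = reqs[int(m.group(1))], m.group(2).strip()
        if (rc := MODULE_RC.match(body)):
            req["modules"].append((rc.group(1), rc.group(2)))
        elif (f := FLAGGED.match(body)):
            key = "warnings" if f.group(1) == "WARNING" else "errors"
            req[key].append(f.group(2))
        elif (s := SENT.match(body)):
            req["result"] = s.group(1)
    return dict(reqs)


def no_auth_type(req):
    """True when the request was rejected because authorize never set Auth-Type."""
    return (req["result"] == "Access-Reject"
            and any(e.startswith("No Auth-Type found") for e in req["errors"]))
```

Run over the excerpt, the summary for request 5 shows `ldap` returning `ok` (the service bind and user lookup succeeded) while `pap` returns `noop`, so the reject comes from the missing password attribute rather than from LDAP connectivity.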