default authentication via windows active directory LDAP instead of /users

 Konstantin Knaab-Hinrichs paradonym at googlemail.com
Wed Mar 8 16:38:14 CET 2017


To solve this I uncommented

         chase_referrals = yes
         rebind = yes

in the tls section of /modules/ldap and restarted the service and
freeradius -X.
The warning messages hadn't changed. Everything described in the .conf
files should now be the way it is supposed to be.
http://wiki.freeradius.org/modules/Rlm_ldap somehow describes something
different from the installed .conf files.
http://confluence.diamond.ac.uk/display/PAAUTH/Using+LDAP+as+authentication+source
(the wiki links to this article) states that nothing has to be changed in
eap.conf (/freeradius/eap.conf in my case) if you use Microsoft PEAP, which
I think is the case for a Microsoft domain controller.

Editing /sites-available/inner-tunnel (the mods-available alternative for
Debian, I think) as the diamond.ac.uk link above describes results in these
messages when trying to debug-start freeradius:

> /etc/freeradius/sites-enabled/inner-tunnel[170]: ERROR: Unknown value ldap for attribute Auth-Type
> /etc/freeradius/sites-enabled/inner-tunnel[169]: Failed to parse "update" subsection.
> /etc/freeradius/sites-enabled/inner-tunnel[48]: Errors parsing authorize section.


The LDAP connection seems to be possible ([ldap] Bind was successful), and
++[ldap] = fail states that the LDAP server didn't reply to the specific
question of whether $USER is in the database, or specifically said it isn't
in the db.


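For readers hitting the same "Unknown value ldap for attribute Auth-Type" startup error: in FreeRADIUS 3.x the value "ldap" for Auth-Type only exists once an `Auth-Type LDAP { ... }` sub-section is present in the virtual server's `authenticate` section, and the shipped inner-tunnel has that sub-section commented out. The fragment below is an added example (not the poster's configuration and not the FreeRADIUS project's shipped file) showing the two pieces that have to be present together; it assumes the Debian layout under /etc/freeradius and the authorize snippet recommended by the diamond.ac.uk page quoted above.

```unlang
# /etc/freeradius/sites-available/inner-tunnel  (FreeRADIUS 3.x, Debian paths assumed)
# Added example: only the lines relevant to Auth-Type LDAP are shown; the
# other shipped modules in these sections (mschap, eap, files, pap, ...) stay as they are.

authorize {
	# Look the user up in LDAP (and apply any attribute mappings from mods-available/ldap).
	ldap

	# Force "bind as the user" authentication only when a clear-text
	# User-Password exists, i.e. EAP-TTLS/PAP inside the tunnel.
	# With PEAP/MSCHAPv2 there is no User-Password in the inner request,
	# so this branch is skipped and the mschap module authenticates instead.
	if ((ok || updated) && User-Password) {
		update {
			control:Auth-Type := ldap
		}
	}
}

authenticate {
	# This sub-section is what registers "ldap" as a valid Auth-Type value.
	# Leaving it commented out (the shipped default) makes the "update"
	# block above fail at startup with:
	#   ERROR: Unknown value ldap for attribute Auth-Type
	Auth-Type LDAP {
		ldap
	}
}
```

Two caveats that follow from this: the `if (... && User-Password)` guard is what keeps PEAP working, because MS-CHAPv2 never hands the server a clear-text password, so an LDAP bind can never succeed for it; and against Active Directory the mschap path needs either ntlm_auth through winbind on a domain-joined host or an NT hash obtainable from the directory, since AD does not return a readable password attribute over LDAP.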
More information about the Freeradius-Users mailing list