How to configure non-privileged LDAP bind in FreeRADIUS 3.0.11
Alan DeKok
aland at deployingradius.com
Tue Jul 23 21:28:42 CEST 2019
On Jul 23, 2019, at 3:13 PM, Kev Xlr <kevxlre at gmail.com> wrote:
>
> I know this is an old thread, but I am attempting to configure the same scenario in Freeradius.
>
> The backend database is Azure AD DS with LDAPS enabled, and the goal is to have EAP-TTLS/PAP for wifi access points. Obviously passwords are not in cleartext so users should be authenticated by a simple LDAP bind by the rlm_ldap module.
As Matthew said, the client is doing PEAP. Fix that.
> I added Alan’s if statement to default and inner-tunnel to force Auth-Type LDAP
Nope.
Nothing in the debug output shows it setting "Auth-Type LDAP". As an example, in packet 7 it sets Proxy-To-Realm := LOCAL:
(7) update control {
(7) &Proxy-To-Realm := LOCAL
(7) } # update control = noop
See? If there was:
	update control {
		Auth-Type := LDAP
	}
then it would show up in the debug output. Since it's not there, it's not configured to do Auth-Type LDAP.
This is why we ALWAYS say (a) run it in debug mode, and (b) READ the debug output.
Which files did you edit? Again from the debug output, it's reading:
/usr/local/Cellar/freeradius-server/3.0.19/etc/raddb/sites-enabled/inner-tunnel
Did you edit that file? Or another one?
Alan DeKok.
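
Added example, not part of the message above and not FreeRADIUS project code: a small Python check that reads saved debug output and reports which packets actually set Auth-Type in an "update control" block, which is the test the reply describes doing by eye. The sample lines are constructed in the format quoted in the message, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in the line format quoted in the message; not real server output.
# Packet 7 mirrors the quoted block, packet 8 shows what a working config would log.
SAMPLE_DEBUG = """\
(7) update control {
(7) &Proxy-To-Realm := LOCAL
(7) } # update control = noop
(8) update control {
(8) Auth-Type := LDAP
(8) } # update control = noop
"""

LINE = re.compile(r"^\((\d+)\)\s*(.*)$")            # "(N) rest of line"
OPEN = re.compile(r"^update\s+(\w+)\s*\{")          # "update <list> {"
ASSIGN = re.compile(r"^&?([\w-]+)\s*(:=|\+=|=)\s*(.+)$")


def control_updates(debug_text):
    """Return {packet: [(attribute, operator, value), ...]} for update control blocks."""
    updates = defaultdict(list)
    open_list = {}  # packet number -> name of the list whose update block is open
    for raw in debug_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        pkt, body = int(m.group(1)), m.group(2).strip()
        opened = OPEN.match(body)
        if opened:
            open_list[pkt] = opened.group(1)
        elif body.startswith("}"):
            open_list.pop(pkt, None)
        elif open_list.get(pkt) == "control":
            a = ASSIGN.match(body)
            if a:
                updates[pkt].append((a.group(1), a.group(2), a.group(3).strip()))
    return dict(updates)


def packets_setting_auth_type(debug_text, wanted="LDAP"):
    """Packets whose update control block assigns Auth-Type to the wanted value."""
    return sorted(
        pkt for pkt, items in control_updates(debug_text).items()
        if any(attr == "Auth-Type" and val.lower() == wanted.lower()
               for attr, _, val in items)
    )


if __name__ == "__main__":
    print(packets_setting_auth_type(SAMPLE_DEBUG))
```

An empty result for a capture of a full login attempt means the edited policy is not the one the server is reading, which is the situation described in the reply.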