Freeradius 3 with LDAP Authentication Bind as User
aland at deployingradius.com
Fri May 29 18:39:01 CEST 2020
On May 29, 2020, at 12:11 PM, Jason Leiby <leibyj at gmail.com> wrote:
> I am trying to setup my radius server to authenticate users with their AD
> password. I do not have access to our corporate Active Directory so I
> cannot use Samba and winbind, I only have access to the LDAP server that
> ties into AD. Each user has read only access to LDAP so they can bind with
> the correct credentials and verify the password.
That's fine. It still works.
> I have successfully setup freeradius to connect to the LDAP server and
> verify credentials as long as the ‘identity’ and ‘password’ are provided in
> the ldap module. What I would like to do is bind as the verifying user
> instead of using a single account. Scouring the internet has proven
> fruitless, so I was hoping you can point me in the correct direction. I am
> happy to provide logs and configs if needed. I would first like to confirm
> that this is feasible.
Yes. Lots of people do it. Read sites-available/default. Look for "ldap" in the "authenticate" section. There's examples and documentation.
More information about the Freeradius-Users