Freeradius 3 with LDAP Authentication Bind as User

Alan DeKok aland at
Fri May 29 18:39:01 CEST 2020

On May 29, 2020, at 12:11 PM, Jason Leiby <leibyj at> wrote:
> I am trying to setup my radius server to authenticate users with their AD
> password.  I do not have access to our corporate Active Directory so I
> cannot use Samba and winbind, I only have access to the LDAP server that
> ties into AD.  Each user has read only access to LDAP so they can bind with
> the correct credentials and verify the password.

  That's fine.  It still works.

> I have successfully setup freeradius to connect to the LDAP server and
> verify credentials as long as the ‘identity’ and ‘password’ are provided in
> the ldap module.  What I would like to do is bind as the verifying user
> instead of using a single account.  Scouring the internet has proven
> fruitless, so I was hoping you can point me in the correct direction.  I am
> happy to provide logs and configs if needed.  I would first like to confirm
> that this is feasible.

  Yes.  Lots of people do it.  Read sites-available/default.  Look for "ldap" in the "authenticate" section.  There's examples and documentation.

  Alan DeKok.

More information about the Freeradius-Users mailing list