error start freeradius -x

Alan DeKok aland at deployingradius.com
Thu Nov 18 21:05:58 CET 2021 

On Nov 18, 2021, at 2:37 PM, Flavio Bono <flavio at cbitsrl.it> wrote:
> 
> Sorry I'm confused,
> maybe I have not explained well, my intent is to configure the freeradius
> so that it verifies username and password in the active directories of
> windows server 2019 through the ldap service.

  Yes, I understand that.

> I configured the ldap file and I symlinked the mod_enable directory, I
> followed some sites and posts to check my error but I always get the same
> "wrong credentials" result
> 
> The freeradius at the start keeps saying that the credentials are wrong,
> but as you can see I have checked them with ldapsearch and they work.

  Only if you're passing the same things to ldapsearch.

> I followed what is reported in the ldap file to insert the pameters, but I
> think I should see an example to understand where I am wrong.

  The "ldapsearch" command you posted doesn't match what's in the mods-available/ldap file.

  It says:

ldapsearch -D ${identity} -w ${password} -h ${server}  -b 'CN=user,${base_dn}'

  Where you replace ${identity} , etc. with the values you configured in the ldap module.

  You're passing *different* arguments to ldapsearch.  Which means you're testing *something different*.  Which means that the tests aren't helpful.

> Can I find configuration examples to verify my error?

  The documentation in the server is correct.  The configuration examples in the server are correct.

> I believe that many IT have connected freeradius to the AD of windows 2019,
> and will certainly have changed a few parameters to do so but I cannot find
> a guide that explains it in detail.

  There's no magic here.  Follow the documentation.  Follow the examples.  It will work.

  The only reason it won't work is:

a) you're passing different things to FreeRADIUS and to ldapsearch

b) you're running ldapsearch from a different machine than FreeRADIUS, and AD doesn't let the FreeRADIUS machine do the queries

  There really isn't much else.  FreeRADIUS uses the same LDAP libraries that ldapsearch uses.  So if ldapsearch works, then FreeRADIUS works.  You just have to pass the same things to FreeRADIUS and to ldapsearch.

> Can you recommend a guide?

  There's no need for more than what's in the server already.  It works.

  Alan DeKok.

More information about the Freeradius-Users mailing list