On May 29, 2020, at 12:11 PM, Jason Leiby <leibyj@gmail.com> wrote:
I am trying to setup my radius server to authenticate users with their AD password. I do not have access to our corporate Active Directory so I cannot use Samba and winbind, I only have access to the LDAP server that ties into AD. Each user has read only access to LDAP so they can bind with the correct credentials and verify the password.
That's fine. It still works.
I have successfully setup freeradius to connect to the LDAP server and verify credentials as long as the ‘identity’ and ‘password’ are provided in the ldap module. What I would like to do is bind as the verifying user instead of using a single account. Scouring the internet has proven fruitless, so I was hoping you can point me in the correct direction. I am happy to provide logs and configs if needed. I would first like to confirm that this is feasible.
Yes. Lots of people do it. Read sites-available/default. Look for "ldap" in the "authenticate" section. There's examples and documentation. Alan DeKok.