It didn't! That's what I said earlier and thats the reason why I posted in the list. Like I said, I followed that guide and it didn't work. This is what the debug output says: (25) ldap: WARNING: No "known good" password added. Ensure the admin user has permission to read the password attribute (25) ldap: WARNING: PAP authentication will *NOT* work with Active Directory (if that is what you were trying to configure) Citando Alan DeKok <aland@deployingradius.com>:
On Aug 17, 2023, at 8:14 AM, Rodrigo Abrantes Antunes <rodrigoantunes@pelotas.ifsul.edu.br> wrote:
With TTLS + PAP I still need read access to the user password in AD right?
No. You can do "bind as user". That's what I said.
This is what is said in the debug output at least, so it doesn't help me because I don't have this access like I said earlier.
Did you read what I said? TTLS+PAP means that "bind as user" will work. Which means that FreeRADIUS doesn't need to read the password.
Stop arguing and go test it. It will work.
Alan DeKok.
-List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html