On Dec 6, 2021, at 5:34 AM, Adrian Schwab <schwab@bbs1-kl.de> wrote:
so what i'm trying to configure is to set up a freeradius server to authorize and authenticate as user against a ldap server, so users provided in the ldap can access our wifi.
That works... if everything is set top to work. http://deployingradius.com/documents/protocols/compatibility.html
when the authorize with ldap is done (6) the auth-type isn't set properly, it should set it to ldap there doesn't it?
No.
When I tried to manually set auth-type to ldap to test the behaviour, debug ouptuts that User-Password is required,
Yes. Because LDAP is a database. FreeRADIUS is an authentication server. FreeRADIUS *should* read the passwords from the database, and then do the authentication. In some cases, if there's a User-Password available, FreeRADIUS can do LDAP "bind as user" to check the password. But that's only possible if there's a User-Password attribute in the packet.
the ldap user isn't able to read the ldap passwords duo to security reasons,
As in "it's so secure that users can't get onto WiFi".
that's why I want to bind as the user which shouldn't have a problem with that does it?
FreeRADIUS can "bind as user" only if there's a User-Password available.
Am I doing something wrong with the ldap module or anything else or do I have to have permission to read user passwords in ldap to get what I want?
Your choices are: 1) have FreeRADIUS read the passwords from LDAP 1a) passwords in clear text? All authentication methods will work 1b) passwords NOT in clear text? Only TTLS + PAP will work. 2) force FreeRADIUS to do LDAP "bind as user", in which case only TTLS + PAP will work. Alan DeKok.