Mike Richardson wrote:
2) Configure an test LDAP with "radtest" (clear-text password) for a *different* user
Doesn't work. Similar sort of error though.
Then fix that before proceeding with EAP.
Don't do 802.1x and LDAP until you have normal "radtest" working with LDAP.
AFAICT radtest doesn't do EAP so it didn't seem to be a particularly valid test.
To be blunt: it's rude to ask questions of experts, and then to tell them that their answers are invalid. If you know better, why are you asking questions on this list?
The approach required appeared quite different but I'm open to suggestions. I've spent a long time trying to get RADIUS/LDAP auth to work in any format.
I've spent over 10 years working with RADIUS, and almost 9 years with FreeRADIUS. The "Active Directory with LDAP && TTLS" issue has come up more times than I can count. It has been *solved* more times than I can count, by FOLLOWING INSTRUCTIONS.
Anyway, the output from a test with 'radtest' and LDAP: ... rlm_ldap: Over-riding set_auth_type, as we're not listed in the "authenticate" section.
You were told to go fix this. Do it. Now
rad_recv: Access-Request packet from host 130.88.200.85:1025, id=61, length=48 User-Name = "raduser2" User-Password = "raduser20" ... rlm_ldap: looking for check items in directory...
Nothing. This isn't surprising for Active Directory.
auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
If you have configured "ldap" in the "authenticate" section, then this would work. The LDAP "bind as user" works with AD for PAP requests. Hint: look in the configuration files for instances of the word "ldap". Read the comments. Un-comment the sample configurations. It's *not* hard. 1) install FreeRADIUS 2) configure LDAP (*all* references in radiusd.conf && sites-available/default) 3) validate that radtest works. Alan DeKok.