On Feb 13, 2018, at 10:10 AM, Ing. Pedro Pablo Delgado Martell <ppmartell@eleka.co.cu> wrote:
I'm trying to set freeradius authentication against a *Samba Active Directory Domain Controller v4.3.0* (*sernet-samba-ad*) server. The parameters in my ldap module file look like this:
server = "192.168.1.8" identity = "cn=root,cn=Users,dc=eleka,dc=co,dc=cu" password = password basedn = "dc=eleka,dc=co,dc=cu" filter = "(sAMAccountName=%{%{Stripped-User-Name}:-%{User-Name}})"
When I run *radtest root password 127.0.0.1 0 testing123* in debug mode (freeradius -X) I get a successful bind (*[ldap] Bind was successful*) but after that, this error is shown:
WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly?
Because Active Directory does not allow LDAP clients to query for the users's password. If you're running *only* Samba, and *not* Active Directory, it may be possible. But if you're running AD, it's impossible. No amount of poking FreeRADIUS will fix this. The problem is with AD, not with FreeRADIUS. Alan DeKok.